How Hackers Protect Themselves From Getting Hacked

Spawn


Article contains some interesting reading material, enjoy! :D

Code:
When Adrian Lamo goes online, he leaves nothing to chance.

To log in to personal accounts, he uses a digital password generator -- a plastic key chain-like device that displays a new string of digits every 60 seconds. He adds an extra layer of security to some accounts by entering a special code that he receives via text message. And he uses browser extensions to avoid downloading malware by accidentally visiting dangerous Web sites.

Some techniques “may seem like a ‘Mission Impossible’ level of security to the average user,” Lamo said. But the average user could learn a thing or two from hackers like Lamo, who are not only skilled at breaking into others' PCs, but have devised sophisticated -- in some cases, extreme -- methods for protecting their own.

It has become increasingly easy to fall victim to hackers, from downloading malicious email attachments to logging in to fake banking sites. An estimated 71 million people in the United States were victims of cybercrime last year, costing them about $21 billion in damages, according to a report this year by Symantec.

Cybercriminals are finding new ways to bypass traditional security methods like passwords and antivirus software. Hackers are now using free software that tests millions of commonly-used passwords in seconds. One tech writer who was hacked this year proclaimed that passwords are now obsolete. And many security pros say they don’t use anti-virus software because cybercriminals are testing their methods first against popular antivirus software.

So, if traditional cybersecurity methods are no longer enough, how does the average computer user defend himself?

Jeffrey Moss, a well-known hacker who goes by the online nickname "Dark Tangent," recommends disabling JavaScript -- a popular programming language -- in Adobe Reader, because hackers often insert malware into PDF documents.

Moss also installs an extension for the Firefox browser called NoScript, which only allows trusted websites to run JavaScript. And he uses two Web browsers, reserving one solely for sensitive activities like online banking in case the other browser becomes infected.

"The trick is to never have a dangerous web page and a banking web page open at the same time," said Moss, the creator of the DefCon and Black Hat hacker conferences.

Two summers ago, I attended DefCon, which Moss hosts every August in a Las Vegas hotel. At the conference, where the world's best code crackers discuss the latest hacking techniques, a teenager in a purple mohawk warned me to carry a wallet with copper mesh lining because hackers could bump against my pocket with a card reader and steal my credit card information.

He also reminded me to only visit websites that start with "https" instead of "http" so hackers couldn’t eavesdrop on my Internet traffic on the hotel’s wireless network. Last fall, a free program called Firesheep was released, making it even easier for hackers to snoop on users via public Wi-Fi networks.

Lamo and other security pros protect themselves by using HTTPS Everywhere, a browser extension that encrypts online communications so hackers can't listen in.

Andrew Auernheimer, a hacker known online as “Weev,” also uses “off-the-record messaging” services, which ensure that no one eavesdrops on his online chats, enable him to identify the other participant in the conversation and leave no trace that the conversation took place.

“It’s a way for people to chat securely in real time,” Auernheimer said. “Pretty much everybody I know uses it. It’s about protecting your privacy.”

Auernheimer was recently convicted of illegally accessing AT&T's servers and stealing more than 120,000 email addresses of iPad users. Lamo is known for his 2004 conviction for breaking into the internal computer network of The New York Times, and for turning in Army Pvt. Bradley Manning for leaking classified military and State Department files.

Companies frequently issue “patches” to fix security flaws before hackers can exploit them. But that can take several days or even weeks. Auernheimer says he can't remain vulnerable to attackers for that long. So he asks a security researcher to issue him a “hot patch” -- or a temporary band-aid that closes the security flaw until the software company fixes it.

For the average computer user, all of these measures might seem extreme. And Lamo said even his methods can't ensure total online protection. The best security method, he said, is a healthy dose of skepticism.

“Personal online security is less about fancy countermeasures and more about paying attention and not being gullible,” Lamo said. “All the technology in the world is not going to help someone who can't be bothered to double-check whether they are in fact on their bank's actual website before entering their login credentials.”
 

McLovin

Very interesting article. Never have I heard about a hacker that wants to protect himself from other hackers out there. Also hackers are getting really desperate to steal your credit card details via a card stealer when touching your back pocket. Anyway, I always have my cards like that in my front pocket anyway, just in case someone does just pickpocket me. Also, having passwords is now "obsolete"; how are we then to protect ourselves? Have a big padlock on our computer with chains? Really scary if you put it into terms like that. Also never even heard of the addon, HTTPS Everywhere, got it installed now, which is good.

Also a question while on HTTPS, why doesn't MalwareTips get a secure connection? I know it can be done for MyBB, because I had to set it up for a site myself.

Nice read again Earth, thanks for the article. :)
 

McLovin

Umbra Corp. said:
Finally I'm not paranoid, I'm wise :D

I think you've always been wise when it comes to computer security. ;)
 

Deleted member 178

Thanks McLovin, it is good to get nice words in the morning ^^
 

illumination

McLovin said:
Also never even heard of the addon, HTTPS Everywhere, got it installed now, which is good.

HTTPS Everywhere is an excellent addition, I have been using it for a while. Using it combined with LastPass, Adblock Plus, NoScript, and a cookie manager, I consider them necessities nowadays.

Umbra Corp. said:
Finally I'm not paranoid, I'm wise :D

I have never considered this paranoid, I call it Preventive Maintenance. :D
 

McLovin

thewolfsmith72 said:
HTTPS Everywhere is an excellent addition, I have been using it for a while. Using it combined with LastPass, Adblock Plus, NoScript, and a cookie manager, I consider them necessities nowadays.

I don't go to any browser and use it if they at least don't have Adblock Plus, LastPass, NoScript and DoNotTrackMe.
 

Exterminator

Interesting article. Man, that article sounds awfully close to a certain someone here... Umbra, you're a pretty handsome man :p

 

McLovin

White Nobster said:
Interesting article. Man, that article sounds awfully close to a certain someone here... Umbra, you're a pretty handsome man :p

http://img854.imageshack.us/img854/8272/rhackerssecuritytipslar.jpg

Ha, now we know what he looks like we can take down his corporation. :D
 

Gnosis

Interesting article. Man, that article sounds awfully close to a certain someone here... Umbra, you're a pretty handsome man

That is a pretty sharp looking cat, but I believe it would take away from that if he wore his earring.

The guy is average, I'm nicer

If that is the case, you may not need a lot of money after all; you can simply show up at the party when all the inhibitions are lowered--let someone else buy their drinks and then seduce.

So he asks a security researcher to issue him a “hot patch” -- or a temporary band-aid that closes the security flaw until the software company fixes it.

I would be more gung ho about patching if I could have some "hot patches" issued to me. haha
 