Dubious questions?

Aug 6, 2011 at 2:36pm
Does this site have a policy about dubious questions?

I see some rather "phishy" questions being asked, which people decline to answer. But then another person comes along and provides the required information.

I see the same thing happening on some other sites, but there are yet others where this kind of thing is quite tightly policed and suspicious topics are closed by the forum's moderators.

Of course, there are times when (e.g.) accessing another process's memory is useful, but this should only ever be done for diagnostic purposes.

And it's an advanced topic. So I get suspicious if the questioner doesn't already have a good grounding in the basics of C++ and the operating system they're using. I would expect them to also be very familiar with MSDN and the like!
Aug 6, 2011 at 4:17pm
closed account (zb0S216C)
andywestken wrote:
(e.g.) accessing another process's memory is useful, but this should only ever be done for dignostic purposes. (sic)

Not always. SAS (Super Anti-Spyware) scans any current items within the memory. However, without them providing a clear indication of what they intend to do with such code, we can't really say much, only warn them about the consequences of modifying memory items (if that's what they intend to do). Since questions like that aren't asked all that frequently, it seems suspicious to us.

If they insist on asking such suspicious questions, they could be a little more subtle.

Wazzak
Last edited on Aug 6, 2011 at 4:18pm
Aug 7, 2011 at 2:49pm
This has crossed my attention from time to time as well. Personally, I'm not that worried; after all, THEY came to US for help, so how much of a threat could they be?

My Personal Thoughts On This Subject: Any jackass can write a payload, that is the part of the malware that actually does something. The easiest piece of malware to write, after all, is a fork bomb, and you'll know how to do this after a few hours of studying C or C++. You want to know about Thread or DLL injection? The functions to do this are in Kernel32.dll (which is loaded into every process started on a Windows machine) and very well documented on MSDN AND Boost. I'm not saying that this means we should help them, but even if we don't, the dedicated ones will still find their answers pretty quick, so someone giving them an answer doesn't actually impact the situation as much as you might think.

I can say that I have NEVER, NOT ONCE EVER, seen a thread here asking about an attack vector, that is, how to actually get your program to run on the target machine. These are the real threats and secrets in the Black Hat community and, if anything, what we should be cautious about contributing to. This is after all what makes Metasploit relevant.

Our duty should be to warn the people who post these about what they are getting themselves into; things like the Computer Fraud and Abuse Act here in the US are too old for the younger ones to have heard about but are still very relevant today. The fact that anything they do on a computer will probably cross state lines, and that instantly becomes Federal jurisdiction, is another thing to point out. With things like LOLSec and Anonymous constantly in the press for "Hack-tivism" we won't see a drop in these threads anytime soon, but that doesn't mean we should let some kid ruin his life by becoming an "example".

Remember how big of a deal it was when police thought they actually caught a ringleader in Anonymous? That's because it's the "minions" that are always getting lynched; this is how Anonymous operates, and if all we have to do is link to some code from Google to get these kids to listen to our warnings, then I'd say it's well worth contributing to a dubious post.
Last edited on Aug 7, 2011 at 2:52pm
Aug 7, 2011 at 3:58pm
that doesn't mean we should let some kid ruin his life
It doesn't?
The way I see it, we all know perfectly well what we're doing. I see no problem with teaching someone how to hack the Gibson, or how to learn how to do it, because it's not the same as giving a gun to a monkey. Everyone needs to learn self-control, and some just need to learn the hard way.

how Anonymous operates
Sigh... If you could only hear how stupid what you're saying sounds.
Aug 7, 2011 at 8:52pm
Sigh... If you could only hear how stupid what you're saying sounds.


Hah, I shouldn't laugh, but I'm interested. Care to expand on that post helios?
Aug 7, 2011 at 9:38pm
Referring to "Anonymous" as a single organized group reveals not just a very superficial understanding of Internet subculture, but also ignorance of the English language. Any person who doesn't reveal their name is "anonymous" (capitalization is optional), and the word has in recent years morphed its meaning to refer collectively to the entire group of people who are anonymous. Now, while it's true that there are subgroups within this group who have some common interests and goals, the fact is that, as a whole, it's a very heterogeneous community. So much so that it's not possible for any of the subgroups to claim to speak or act in representation of "Anonymous" without being dirty liars. The group known as "Anonymous" is the antithesis of organization simply due to its size and the way it's defined. "How Anonymous operates" is entirely meaningless because there's no MO (there couldn't be). Some spend their time hacking (in the old MIT sense), some spend their time translating, some even do some software development; but most simply do nothing.
There are no minions and no ringleaders*. It's only a mass of people having fun (sometimes at the expense of others) in their free time.


*Occasionally, some small groups that have a hierarchical structure may crop up. They're exceptions within exceptions.
Aug 8, 2011 at 1:47pm
@ helios: I'm more familiar with Anon than you seem to think. I used to be one of those kids that was dazzled by their antics when they first cropped up, and I wanted so much to be like them that I spent at least a few hundred hours trolling through websites, chat rooms, IRC channels, BBSs and really anything I could find with that "Hacker" subtext to try and find them.

There are key players in the community, the ones who actually have a talent for whatever it is that they do and stay active within the group. There was a reason I put "minions" in quotes; I was trying to use this word to refer to the ones who get caught up in the "hacktivism" crap with little to no knowledge of what they are doing. These are the kids running LOIC off of their parents' computer because some guy in a chat room got them all riled up about some perceived injustice.

You said that this wasn't the same as giving a monkey a gun, and I have to agree. To me this is like giving a monkey a live hand grenade, because only a few of them will actually perceive the danger and throw it away, and the rest will get caught in the blast.

I even know that LOLSec is one of the "small groups" that you're referring to.

EDIT: Overall I want to reiterate that ANYONE can write a payload. So I don't see any harm in helping them.
Last edited on Aug 8, 2011 at 1:59pm
Aug 8, 2011 at 6:04pm
Some people just need to get their arms blown off to learn. And you know what? Good riddance.
Aug 8, 2011 at 7:36pm
closed account (zwA4jE8b)
what is a payload?
Aug 8, 2011 at 8:05pm
@ helios: I'll concede that's a valid way to look at it.

@ CreativeMFS: Viruses can be object oriented too when they are being "written" by script kiddies or copy-pasta hacks. I break this up into two sections, the Attack Vector and the Payload.

The Attack Vector is the method you use to get your code copied to and running on the other machine; this is generally limited in size, so the functionality is stripped down. For example, let's say you slap together a malicious banner ad. When someone goes to a site and that banner plays on their machine, the images and data from that banner are copied to their Temp folder. If you then use, say, an exploit in a popular framework to execute code hidden in that data to connect to an FTP server and copy your virus to their machine, then that is your Attack Vector. EDIT: Like I said earlier, this is the only part that I would hesitate to contribute to, for a couple of reasons. The main one being that reliable ones are often VERY difficult to find, so one doesn't just hand them out to complete strangers on a whim.

This is separate from a Payload, which is the actual code that executes and does stuff like set off a fork bomb or log the user's keystrokes and send them to China; this is the component that people generally recognize as the "virus" since it's the truly malicious part. This is downloaded and executed by the Attack Vector.

This is probably an oversimplification of a rather in-depth and interesting art. For example, a Rootkit is often both a Payload AND an Attack Vector, so this isn't an all-inclusive description of every virus ever written.
Last edited on Aug 8, 2011 at 8:08pm
Aug 8, 2011 at 9:16pm
closed account (zwA4jE8b)
Nice explanation. Thanks.
Aug 12, 2011 at 5:19pm
Thanks for all your input. As I know nothing about attack vectors, I can relax and just answer any question I feel like!

Andy :-)