Computer Hacking

Discussion in 'Malware Help - Public (Anyone Can Post & Respond)' started by Jud149, Mar 26, 2018.

  1. Jud149

    Jud149 First Sergeant

    Probably a stupid question, but if your PC is hacked into, are all files such as MS Works open for perusal by the hacker? I had cr. card and password info in such files that I have now deleted.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes....if the hacker has the time for a search. Or a piece of malware to scour your files.
     
  3. Jud149

    Jud149 First Sergeant

    Thanks, Tim...
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    NP....good luck.
     
  5. Trex™

    Trex™ Private First Class

    Dang, man... you should never store your passwords on the system. As a suggestion, perhaps for your future consideration, maybe use a memo app on your smart phone? Personally, I don't even let browsers save my passwords (for the most part). My go-to spots to see... for instance... what a "better half" is doing, I hit the Credentials Manager applet in the control panel and Chrome's saved passwords. Essentially, using either one of these features is like a treasure chest for prying eyes and/or hackers. Crack ONE lock, and you get it all!

    In my case, I obviously know the password into my own system which allows me to view any stored passwords, but even if I didn't, allowing a single password the power to reveal any and every other password you may have stored just seems like a horrible idea. And... I apologize as no offense is intended, but having such passwords contained on the system in a file sounds even worse, especially any type of text document that clearly spells them out in black and white. If keeping the file on your smartphone doesn't appeal to you or isn't possible or acceptable to you for whatever reason, there are two other alternative methods I can think of right offhand which I'd urge you to consider.

    • Small Flash Drive - $10 or less for 4 GB of removable storage, disconnected from your main system, and able to be stored at a separate location if the need should arise.
    • File Encryption - An encryption program would allow you to maintain your old, familiar method of storing your information in an MS Word file, but cannot be deciphered without your encryption key (ironically, also typically stored on a flash drive). The advantage to encryption is that it more or less guarantees that even if your system is compromised, any information and/or files you've encrypted will be useless to anyone without your key. *** Obviously I'm only referring to 128 bit encryption.
    I hope you decide to look into one of these suggestions or find some other security measure that suits you... it's imperative. Entire corporations and enterprises have built a business around the need for system security alone. That's been the fight for years, and right now, you're in that fight... with no weapons or armor.
     
  6. Replicator

    Replicator MajorGeek

    If you're pawned, it won't matter where you store your passwords because they can see everything you attempt to access over time.
    They might place a keylogger payload, inject a backdoor or run a reverse PowerShell. They can sniff your device's probes to spoof connection to a rogue access point if they wish, and the list goes on once access is gained.

    You must specify the type of hack and what he/she has done to compromise you!
    There are many!
    Tim is right....how much time do they have, and are you worth it?
     
  7. Trex™

    Trex™ Private First Class

    Ewwww... "pawned" eh? That's a new term on me, but yeah... you're right. When I started dabbling in the PowerShell, I literally said "uh-oh" out loud, to myself. I'll spare you my long ideals and thoughts on the whole matter, but suffice it to say I believe access to such a console is putting too much power in the hands of individual PC users, unbound by any policies, rules, regulations, or even a code of ethics... not like a business or corporation such as Google or Microsoft. Ultimately, any individual with enough knowledge and "ambition" to gain unauthorized access to other systems, I fear there will be no limitation as long as the target OS is capable of running PowerShell scripts. I can't think of a single thing... absolutely nothing... a lone 'hacker' wouldn't be able to do on some victim's machine, and with its progress geared towards interacting with .NET Framework, soon it may not matter what version of Windows you run so long as .NET is installed!

    I ultimately have to conclude that you're right... whether it's a likely scenario in every case or not, you're definitely correct. I just feel as though I'd be more alert and aware in regards to my personal system. For instance, keyloggers are detected fairly easily with Antivirus/Rootkit scans. Port sniffing or other types of network attacks seem of little concern to anyone with a halfway decent firewall, and with higher end routers, such an attack is more or less non-existent, only being possible through permission given by a local user (like the 'are you sure you want to allow this program to run' UAC dialog box).

    -side note:
    please forgive, ignore, or pay me no nevermind as my recreational activities sometimes involve rambling meaninglessly and pointlessly for pages and pages... I apologize in advance! :p If you'd rather... just stop reading here and let the thread die. Or... perpetuate this ideological, philosophical nonsense that I often indulge in. I openly welcome different ideas, perspectives, and even criticism... as long as it's in a constructive manner! So... read on, or back arrow now. :)

    I'd consider a trojan/backdoor the biggest threat. No Antivirus program can detect every existing threat that may find its way into your system, and without symptoms frequent or severe enough to draw attention or cause concern, further scanning and/or investigation wouldn't typically be done. In that regard, such a program could run for an extended amount of time on a system, completely undetected, but without engaging in questionable activities, the initial cause of such an infection would be highly unlikely.

    In the end, I am entirely capable of admitting you're absolutely right, but... but... taking precautions and practicing good defense and security will undoubtedly reduce the chance of something like this happening. I pay for my antivirus program and have scans scheduled to run daily, if only quick scans. I honestly don't use any kind of encryption, but I would think using this type of protection would be extremely difficult to circumvent. Sure, I suppose code could be written to instruct a program to copy files that are likely to be personal (i.e. .txt, .doc, .docx, .xls, .jpg, etc.), ignoring files belonging to the system or installed applications... while also scanning for any hardware changes to detect if and when a USB device, Smartphone, or external hard drive is connected, immediately repeating the same code and copying everything potentially 'valuable'.

    Although, if all the aforementioned files were encrypted with a 128 bit key, the only hope of obtaining anything useful from a theoretical mountain of files... would depend solely on that one little decryption key. Obviously, if malicious code runs for long enough on someone's system without being detected, chances are, it's going to score that 128 bit key... the key to unlock eeeeverything. I'm interested in what you're describing though... I'm sure I can research and find some intriguing information, but if you happen to know more about this, particularly the more fundamental, technical aspect of threats, I'd love to learn more about it.
     
  8. Replicator

    Replicator MajorGeek

    That was a good read Trex.......your knowledge in security is heading in the right direction, and I can tell it's of interest to you, or rather intrigues you somewhat.

    Remember, anything running on your system can be a powerful tool, and on the other side of the coin, a powerful enemy.
    It does no good to blame single applications such as PowerShell or .NET Framework, as anything can be responsible for weakness or strength.
    There is always something else weaker and more vulnerable, ready to fill the void.

    What we need to focus on is improving our defences every day, test for your weak spots, know them, and improve them.

    Keep researching and reading......the light at the end of the tunnel shall shine soon! ;)

    We are always here if you have questions!
     
    the mekanic likes this.
  9. the mekanic

    the mekanic Major Mekanical Geek

    Well, Spectre 2.0 has apparently surfaced.

    Should we start a new thread, or have some chat time? Just tripped over this.

    Edit: BTW, an undiagnosed rootkit garnered me a Dell XPS some years ago. Someone threw it in the trash...
     
  10. Replicator

    Replicator MajorGeek

    Yes, interesting.......seems as today 8th May is patch day from MS. (optional)
    The scary thing is that one of the new flaws simplifies the ability to attack across system boundaries. Your VM is not encapsulated anymore should it be infected.

    Good find mekanic, I will watch any new thread with interest.
     
  11. Trex™

    Trex™ Private First Class


    Hey, thanks for the reply! I've been trying to pry myself away from the helpless addiction of "gaming" that has sucked countless hours from my life, when... before that... I had found passion and ambition in coding and programming in a few languages. I've started to take the first steps back into this more constructive and productive 'obsession' of learning the power of programming, but it seems a bit discouraging at times... to think of how far behind I am at this point... for when I first began, I was dabbling in QBASIC (HA!) on a Tandy 1000. Then I took a few courses in college... Perl scripting on Unix systems, and Visual Basic 6.0.

    Thank you for the encouraging words, and advice! :)
     
