Attacker told my daughter he'd hacked our internet - help

2»

Answers

  • MarcMarc Moderator, Beta Tester Posts: 1,523
    100 Answers 1000 Comments 500 Likes 100 Awesomes
    ✭✭✭✭✭✭
    Folks, just because something is open source, it does not mean it’s hack proof.  It means that there is a better chance of people finding and fixing issues before it becomes a problem or patching after but not always. Likewise, closed sourced software is not all bad. There is some pretty terrific versions of that as well. Bottom line everyone has a choice as to what they want to use.  Do your homework, secure what you use by following best practices. 

    @VABelle, don’t throw the smart home devices away. They are fine as long as your careful in the brands you choose and once again in securing them, what you use them for and where you put them. 
    Thats Daphnee, she's a good dog...
    OKCKomo
  • KomoKomo Member Posts: 30
    10 Comments Name Dropper 5 Likes Photogenic
    ✭✭

    @Marc great points. I think the gentleman above misunderstood what I was saying when I said open source is the way to go. If a device connects to the internet, it is NOT “hack proof.” If a device has Bluetooth capabilities, it is not “hack proof.” The most secure operating systems as of today, are not even hack proof. So Technically, any device can get hacked. Lowering the attack surface can help and being aware of vulnerabilities in the devices you own, helps. Even if you do everything right, if a company you do business with gets hacked and your info is leaked you can be compromised.

    Marc
  • OKCOKC Member, Beta Tester Posts: 62
    5 Answers 10 Comments 5 Agrees 5 Likes
    ✭✭
    Komo said:

    @Marc great points. I think the gentleman above misunderstood what I was saying when I said open source is the way to go. If a device connects to the internet, it is NOT “hack proof.” If a device has Bluetooth capabilities, it is not “hack proof.” The most secure operating systems as of today, are not even hack proof. So Technically, any device can get hacked. Lowering the attack surface can help and being aware of vulnerabilities in the devices you own, helps. Even if you do everything right, if a company you do business with gets hacked and your info is leaked you can be compromised.

    I didn't misunderstand; I quoted what you said and I said I didn't agree with it.
    "best thing to do is use open sources hardware and software. Otherwise, there’s nothing you can really do and can keep being attacked."

    This one is pretty obvious.
    "Even if you do everything right, if a company you do business with gets hacked and your info is leaked you can be compromised."
    Buffalo Wild Wings was hacked and peoples information was breached. The US Government was hacked and my information was compromised and now they furnish Identity theft for so many years. Someone is always trying to get into one of my emails that's posted on the dark web.

    Please don't think I am being rude or mean because I am not.


    Komo
  • KomoKomo Member Posts: 30
    10 Comments Name Dropper 5 Likes Photogenic
    ✭✭

    @OKC I don’t think you are being mean at all. I stand corrected.

    Thank u, I should’ve been more specific and used proper pronouns.

    In my comment about open sourced hardware/software- I meant in relation to the original poster’s security equipment. An example: Ring and Nest have recently made it big on national news about their breaches and data leaks. The actual equipment has hardware and software issues(closed source) which just makes problem on top of problem. The consumer buys a flawed product from a company that has been breached. Talk about adding insult to injury!

    I am also experiencing something similar with Xfinity and their products. Unfortunately xfinity has monopolized the ISP in my area.

  • VABelleVABelle Member Posts: 56
    10 Comments 5 Likes Name Dropper Photogenic
    ✭✭

    I have reason to believe that one of the biggest security weaknesses is the use of phone apps. I had a security system installed by a reputable company in business for over 40 years. They assured me that the new equipment was state of the art and designed to deter not only burglars but hackers too. But it only took 3 days for Hacker to figure out how to get into the system, disable notifications and turn off the cameras. I know this because I had received several notifications of failed attempts to log into my account. I use a password program that generates long, complex passwords but even that seems worthless. Perhaps the alarm company’s system was well done but their app is full of holes.

  • SimoneSpinozziSimoneSpinozzi Member, Beta Tester Posts: 88
    25 Likes 10 Comments 5 Awesomes 5 Agrees
    ✭✭✭
    @Marc

    we seem to have a "very (very) different" definition of scorched earth. I was telling to somebody who ***had already*** sustained an attack how to minimize the chances to leave the attacker still in possession of tools... ***without*** using a scorched earth policy.

    Checking if the attack was real, then clearing cache, then uninstalling stuff that is "suspicious" and you never remember installing and never use, and finally read what are the security settings on anything that is not your main PC and change passwords and users around ... looks like very basic, and very bland stuff to me.

    If you think what i suggested (and summarized above) is "scorched earth" you have a very different idea. It is actually very bland ***basic and generic*** security for an ***after breach***. I don't even know if i'm talking about a cellphone, tablet, game console, or PC and if it's Mac or IBM-compatible stuff. I know zero, therefore i tried to stay as generic as possible.

    Telling somebody how to ***prevent*** attacks is.... useful... to a certain degree when said person was ***not already*** breached.

    I told the person how to tell if there actually ***is*** a breach (most times there has not even been a breach, just the fear of one exploited thanks to social engineering and that can lead to an actual breach). And if there has been one how to remove it in the blandest way that saves as much as possible of one's own system... without knowing what said system is.

    Actual scorched earth would be to remove all data storage (including bios eproms), fry that with high electricity and sell the rest of the electronics for scraps. Because that is ***cheaper and more time efficient*** than trying to root out some of the attacks i have seen.

    I have seen people attacking from USB keys which had their firmware rewritten, i've seen actual hackers flashing bios eeproms on user machines at reboot... remotely. And yes even people using 1x1 transparent images and javascript in a webpage that was not even the active tab to send all keystrokes to themselves. I've honestly seen all kinds of stuff.

    What i am suggesting is very bland and basic stuff that a user can implement, because randomized and non-targeted attacks to totally random people... just tend to be massive distributed stuff that, let me tell you, fairly suck as far as attacks go... but that anybody who has never even bothered to understand even very basic security finds "science-fiction"-y while it's real dumb stuff that exploits fear and ignorance.

    Heck most of the times it's your phone that has been breached, because people use phones to do the most dangerous stuff without even knowing... at which point you are better off buying a new phone rather than trying to re-install it because most assuredly what has been compromised is the very tool that would allow you to format everything and reinstall from scratch your own phone and therefore removing the virus is basically the same as bricking your phone unless you send it to the company that made it... at which point they usually switch the main board that has everything on it ... honestly it takes less time, i agree with them.

    Though i don't agree with their standard "trashing" policy which is "just dump them here" which is usually both sucky as far as recycling goes and leaves all that electronics ready to be reaped by scavengers searching for personal info on non-cleared phone roms.
Sign In or Register to comment.