What is Digg?Sponsored by Dragon Age: Origins
Can't get enough Dragon Age: Origins? Play the flash game. view!
DragonAgeJourneys.com - Play the free companion flash game to Dragon Age: Origins.
45 Comments
- eliot2000, on 10/12/2007, -2/+94I personally will digg any story labeled "cool and illegal". "Cool and Illegal cake recipes"? Dugg.
- ucg1, on 10/12/2007, -1/+13Not if the hacker is trying to exploit Mac vulnerabilities. Remember, the hacker can look around the place and see that there are Mac users and decide to exploit Safari holes. Less likely than IE, but if you think there are no holes in Safari (or Firefox) out in the wild you are sadly mistaken.
- cogit0, on 10/12/2007, -0/+11Ah, but the knowledge gained is half the fun for hackers. In fact, thats the main reason why "legitimate" hackers do what they do: they find the exploits, tell the owner about them and how to fix them, and all in the interest of informing both themself and whoever else was involved.
- Thickey, on 10/12/2007, -0/+11People who post this sort of stuff should be rewarded. The more people who know about this sort of thing and are wise to it the better we should all be.
- willemmulder, on 10/12/2007, -8/+17HaxorBoba:
Cool and Illegal language huh?? - Corvillus, on 10/12/2007, -0/+8Generally, you're in a better position to protect yourself if you know EXACTLY what you're protecting yourself from. In order to do that, you need to know how the exploits are performed. Also, for the people administering the networks, knowing the exploits is a lot more useful than knowing simply how an end user could protect themselves, as it often offers them an opportunity to patch them.
- SDNick484, on 10/12/2007, -0/+6It has amazed me for years how many people actually connect to public hot spots. If you're tunneling through a VPN you'll probably be alright (you're still vulnerable to rouge AP's and MITM attacks), but a good portion of people aren't bothering with any level of encryption.
I think it'd be a cool idea for a coffee shop to have a projector connected to a PC running driftnet, dsniff, or webspy (similar to what they do at defcon); maybe when someone sees their entire session being displayed on the wall they'd wake up. - lolage, on 10/12/2007, -1/+7'Cool and Illegal' regarding a link to ethicalhacker.net Haha.
- aarslank, on 10/12/2007, -1/+7A really easy way to figure out if the wi-fi provider page is being phished:
just enter a wrong username and password at first. If it doesn't warn you about your password being wrong you know it is fake. - EDantzer, on 10/12/2009, -1/+6don't we all just love the block function when people like HaxorBoba comments?
- Angostura, on 10/12/2007, -2/+7Interesting & well written. Dugg.
- Ryosen, on 10/12/2007, -1/+5Thanks to this "SoB", I know know to look around the airport lounge before plugging in to their services. What is of concern isn't that the author made it easy to follow, it's that it was easy in the first place.
- Ryosen, on 10/12/2007, -0/+2The article also shows how easy it is to spoof a portal for free WiFi services. Plus, since the goal of a scumbag (what the author refers to as a "hacker") might be to compromise the machine via a browser exploit, all they need to do is redirect you to a landing page with some injection code. Of particular interst was where they show hwo to shell into a target's machine, bypassing XP's and Symantec's firewall.
The risks remain the same. - Universal, on 10/12/2007, -0/+2Hacks makes the best digg stories; need Hacking category on digg.
- inactive, on 10/12/2007, -1/+3just because something is illegal does not mean it isn't ethical
(in fairness, i can not rtfa as it is blocked at my work) - CopyNinja, on 10/12/2007, -0/+2A good read.
- inactive, on 10/12/2007, -0/+1Wow, this is SOOO much easier to do than sniffing packets for days and days and days. Why rebuild the wheel when you can convince someone else to drive you home!?
- inactive, on 10/12/2007, -0/+1griz: you're talking in the mindset that companies fix things or people fix things that are slightly problematic. The best way to have something fixed is to tell everyone how to exploit it and force the companies to do something... like with the Kinko's card hacks or the Mobil speed pass hacks.
- t3hX, on 10/12/2007, -0/+1Internode hotspot network in Adelaide - free to port 80 for non-members, to internode subscribers, free to the whole net.
Internode are awesome. - griz, on 10/12/2007, -1/+2" In order to do that, you need to know how the exploits are performed."
That is only applicable if you are the one devising the fix. I this guy knows the hack and knows the workaround, he can just as easily explain the workaround without explaining the hack. I guess it is a mater of trust however that he is giving you the correct workaround and not leaving you open to an attack by him.
I understand your argument (stems from the open source concept) but in many cases, the people who are most vulnerable, the less knowledgeable, are not going to take the time to devise a fix on their own.
Perfect example, I don't need to know how to write a virus to install an antivirus package that someone else already devised. That is what the majority of the population wants. A turn-key solution that works. They could care less how or why it works, they just want it to. - danlovejoy, on 10/12/2007, -0/+1Thanks for the heads-up, Digg. I'm just a bit smarter now.
So, how do you protect yourself, assuming you ever use wireless hotspots. - ddonzal, on 10/12/2007, -0/+1'Trojan sucks life from PSPs'
http://news.com.com/Trojan+sucks+life+from+PSPs/2100-7349_3-5890154.html - spartan777, on 10/12/2007, -0/+1i think this is a great article. knowing how easy it really is to do this, I'm going to be much more careful with wireless hotspots. I can always use a psp though, and thats pretty invulnerable to any of the exploits (can anyone name any psp exploits? and if there were any, what could they do? install an nes emu? plant porno in my videos folder?). This stuff is so easy, I could do this myself, and probably compromise a whole load of computers, email accounts, whatever.
- leohart, on 10/12/2007, -1/+2Not in the man-in-middle type of exploit
- drudometkin, on 10/12/2007, -0/+1So basically if I just try to log in with the wrong information, and it denies access, I will know if it's the real thing or not? Pretty much i'm just worried about losing my tmobile hotspot information.
- moted, on 10/12/2007, -0/+1But, you could take the hikjacked usn/psw and jot up a script that checks back to the legit site and then based on whether or not you have a successful login determines whether or not you let them through.
- nutcase, on 10/12/2007, -2/+3drudometkin,
I just accessed your T-Mobile account information through a DIGG javascript exploit, see you online buddy! - mv36, on 10/12/2007, -1/+1NIce...
- blackb0x, on 10/12/2007, -1/+1just use tor.
- azwethinkweizm, on 10/12/2007, -1/+1Cool and illegal?
It's still illegal and it's not worthy of my digg. - tylerman, on 10/12/2007, -1/+1going downtown soon... panhandling the nerdy way....
j/k not going to steal accounts but people connecting would see "please give the poor college nerd a dollar" - with your picture looking as pathetic as you can look in a day - t3hX, on 10/12/2007, -1/+1Yeah, but why? It's millions of times harder.
- MochaJoe, on 10/12/2007, -0/+0As a promotion of illegal activity, I would agree with you. However, I did digg it as it is guideline to protect myself. In the same manner it shows how someone using WIFI can be hacked, one can use the reverse to prevent the hack from hitting you as he passes to easier targets. It may be impossible to prevent a hacker from hitting any of us individually. Good thing, they are not so selective.
Generally, they are not targeting an individual. They target those systems that show vulnerabilities. It is like the old joke, "How fast do you have run to escape a charging Grizzly Bear?" The answer is that you don't; you just have to run faster the guy next to you. - djr3, on 10/12/2007, -1/+0Great article. I appreciate the knowledge.
I am awaiting for the follow up: How to exploit thousands by having your hacking article Dugg and pointing it to a web page with malicious code on it...
Ok so that didn't happen here, but it scared me a bit that the author probably could have done that... - Raybdbomb, on 10/12/2007, -2/+1Interesting!
- inactive, on 10/12/2007, -3/+1"Cool and Illegal language huh??"
Illegal, yes. Cool.... No. User blocked. ;p - heathenx, on 10/12/2007, -4/+2i love hacks of any kind...
- Crin, on 10/12/2007, -7/+2It's a good job I don't have a subscription to any wireless services then really. There all a rip off in my opinion and it won't be long before there free anyways.
- coldfusion1970, on 10/12/2007, -12/+6I know that the spoofing can affect Mac users, but i'm glad that i'm at least immune from the malicious code stuff.
- plkrtn, on 10/12/2007, -12/+2Posting how to protect yourself fine....
giving brain dead script kiddies the ability to do this stuff without even trying... bad.
I'm burying this SoB - griz, on 10/12/2007, -16/+4Is it really necessary to explain the exploit when explaining to people how to protect themselves?
If you live in a high crime neighborhood you don't need to teach everyone how to pick locks before explaining how to install a slide bolt on their door. - i440, on 10/12/2007, -41/+12This story wouldn't have gotten half as many diggs if it weren't for the word 'illegal' in the title.
- balognytts, on 10/12/2007, -38/+5But these are illegal hacks. In almost every jurisdiction, this type of behavior has been outlawed.
- inactive, on 10/12/2007, -69/+1Excuse me, why am I getting dugg down might I ask? I find this kind of behaviour very immature. Should have known... this is Digg.com afterall.
Pssshhhh.... - inactive, on 10/12/2007, -102/+3Yo seerrrously doggs dis kinda thing flyy crazy wid da digg ballaz traffikin da wite its insane
we be ballaz dudez we be ballaz we fly hardcore you duz be knowin it
if it be illegal we duz digg it hardcore. i iz straight outs da hood you gotz no idea
Browsing Digg on your phone just got easier with our enhancements to the 
© Digg Inc. 2009
— Content created and posted by Digg users is