Sodhammer
   |
Posted - 2006.06.26 20:44:00 -
[1]
For those not familiar with PC security and hacking in general, here are a few items to keep in mind.
Keyloggers are programs that record every key you press. This information is then forwarded out onto the web for people to use. So if you open your web browser and type:
www.mybank.com
joeblow
mypassword
Its not too hard to figure out you have an account at a certain bank, and your username/password. This particular keylogger was aimed at EVE, but it ran at startup, so all keystrokes were probably copied and sent to the originator.
Rootkits are programs that gain you root access. This means they get you adminstrative (total) rights to a machine. The idea comes from being able to log onto a machine with limited rights, then boosting your self to administrator (noticed that a few people said "dont sign in as admin", thats what root kits are for).
Social engineering is a way to say SCAM. All machines have some security, and social engineering is a way to get the user to bypass that security and allow the machine to be compromised. The program mentioned here is a perfect example. An offer to get a user free isk convinces them its a good idea to install some program on their machine. This gets the program past their firewall and probably past the anti virus software. Social Engineering is the most common form of attack being done by thousands of different people. Have you noticed the huge amounts of spam e-mail you get? Most of that is social engineering type attacks. They are either asking you to install software on your PC, or send private information to them (name and credit card). The most common example of a non PC Social engineering attack is the letter saying "I am the son of an oil minister in Sudan. I need to move some money to the US. Please give me your account number to do this, and I will give you 5% of 500 million dollars".
From a personal security point of view, if you are not PC literate I would recommend the following things:
If you have an always on connection (DSL, Cablemodem), get a hardware firewall. My DSL came with one from the phone company. My cablemodem did not. Hardware firewalls are better for keeping people out, software firewalls have the special ability of warning you when an application is doing something bad, using both gives the advantages of both.
If you do any type of financial work on your PC, get another PC. That means if you do online banking, E-Bay, TurboTax or anything that involves you typing a credit card number into your browser, dedicate a machine to it. These sites and applications are not that processor/graphic intensive, a low to midrange pc will drive them just fine. If you have kids that use the computer, or like to download all those free internet games, its just a matter of time before your machine is compromised. And by time, I mean a few days to a few weeks. Remember, someone scamming your Eve account and taking all of your isk will annoy you. Someone getting your bank info and stealing your real life money/credit rating will be much worse.
This is not an Eve thing, these problems have existed ong before, and will exist when we are flying spaceships in real life.
|