http://technet.microsoft.com/en-us/security/advisory/2794220

People seem to talk trash on "hackers" (crackers, whichever you wish to go with), but they have to pretty damn smart to find these vulnerabilities it seems like.

It's not so much intelligence as obsession. I mean, I'm not saying it doesn't take intelligence, it does, but perseverance is the most important thing. They spend weeks feeding programs different inputs and seeing what happens... if the program messes up with a certain input, there's a good chance it has a vulnerability (for example, if a website gives you a SQL error when you put your username as ' then you know they don't sanitise inputs).

Can anyone on this site hack?

If someone knowledgeable in computers put their mind to it, of course they could hack something. Doesn't mean they will though, but its possible.

cool.

i think gaining access to someone specific just using the net on its own is near impossible for most hackers these days, at least so im told.

I remember scaning ftp ports and nosing around when i was 15 (year 2000) trying to leave sub7 viruses, it never worked (but we accidently infected ourselfs and some one 'matrix mode'd us :/)

i think gaining access to someone specific just using the net on its own is near impossible for most hackers these days, at least so im told.

This. It's not impossible, but it has been become exponentially more difficult in the last decade. Exploits have become much rarer and much smaller/harder to find. But it is surely not impossible. It does happen a fair amount still. It's just not something that any script kiddie is really capable of anymore.

Tbh, the vast majority of times a person's account gets compromised it's not because of flaws in any security, it's because someone was tricked into giving details away that they shouldn't have. In other words, social engineering.

DOS/DDOS attacks are still pretty common and are actually pretty easy to do still. Most kiddie scripters and kiddie hackers do this out of revenge for killing them in video games or something. Hell I have even had it happen in ranked matches where they launched a low rate DOS attack on me just to make me lag during the match. Of course this was a friend playing a sort of "practical joke" on me but still ;p.

A D/DOS attack itself isn't meant for gaining access though. DOS will always be a problem, IMO. It's a double edged sword that can't really be dealt with.

True it doesn't gain access but hackers aren't always just teying to gain access to a computer a lot of the time they just want to cause as much damage as they can. Hence why DDOS attacks are so frequent on major companys servers ect.

DDoS is little more than taking down a poster.

But to perform a DDoS you have to have already gained access to a network of machines

Well yes it does take knowledge and some skill to launch a DOS attack, and especially a DDOS attack since you need to have control of multiple computers (usually the result of "hacking" them to gain control). But it is a lot easier then other types of attacks.

For example if someone wanted to launch a "smurf" attack all they would need is knowledge of how IP packets work and a flawed network to launch the attack on. But like you said even this is not a easy task but much easier then others forms of "hacking"

From what I've read, pen testers working for major companies won't even start with a computer. They start with the easiest; looking for flaws in the people. Get the right person to believe you and you can gain access to anything.

Yup thats where most forms of "hacking" happen. Its the human errors that usually end up getting th hacked. Like for example its not hard to get someones email password when there security questions answers can easily be found on thier facebook page and other sites. Once you have thier email you might tyen have much much more.

chrisname wrote:
DDoS is little more than taking down a poster.

Yes, a poster that is costing the company $1,000 per minute that it's down. What's worse? Law enforcement (at least in the US) doesn't even put an ounce of effort into investigating attacks. It is very expensive for small emerging companies to protect themselves from larger competitors and/or random script kiddies that take down their page 'just because they can'.

...and the rich get richer.

[quote=Zereo]DOS/DDOS attacks are still pretty common and are actually pretty easy to do still. Most kiddie scripters and kiddie hackers do this out of revenge for killing them in video games or something. Hell I have even had it happen in ranked matches where they launched a low rate DOS attack on me just to make me lag during the match. Of course this was a friend playing a sort of "practical joke" on me but still ;p.[/quote[
I know a site that constantly gets these kinds of attacks. How do they happen? From the picture I saw on wikipedia it looks like a bunch of compromised computers that try to connect to a server all at once and overload it. Is that true?

science man wrote:
From the picture I saw on wikipedia it looks like a bunch of compromised computers that try to connect to a server all at once and overload it. Is that true?

Most often compromised systems are obtained by malicious software. With each system that's compromised, the attacker's army grows. Over time these clouds of systems can grow to be absolutely devastating (and whose effects are usually sold to the highest bidder).

http://en.wikipedia.org/wiki/Botnet

Judging from how widespread they tend to be, I'd guess that they often get around through cracked software. They're not necessarily viruses that harm your computer, and so any attempt to add your computer to a botnet wouldn't be noticeable since they don't incur much overhead. Assuming that's the case, most "safe" cracked software will probably have a payload that would add your computer to a botnet.

From the picture I saw on wikipedia it looks like a bunch of compromised computers that try to connect to a server all at once and overload it. Is that true?

That's the gist of it, although there are quite a few variations of the term "connect" that are employed by a D/DoS attack.