  1. #1

    Hacker takes over reader's PC by remote control

    LANGALIST PLUS

    By Fred Langa

    It's every PC user's nightmare: Someone starts controlling your PC from afar without your permission. Here's how to prevent that type of attack. Plus: Why using an HTTPS connection is like putting on sneakers to outrun a bear, and free, do-it-yourself virtual private networking.


    The full text of this column is posted at windowssecrets.com/langalist-plus/hacker-takes-over-readers-pc-by-remote-control/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    I received a call recently;
    CALLER: "Good day Sir. I am calling from Microsoft about your Windows computer."
    ME: "My windows computer??"
    CALLER: "Yes sir, there is a problem with your windows computer."
    ME: "I don't have any windows with COMPUTERS on them. Some of them have TINT on them to keep out the sunlight, but none of them have COMPUTERS on them."
    CALLER: "You have no windows computer?"
    ME: "No sir, I don't. A couple of them do have AWNINGS though. Is THAT why you're calling?"

    I could tell he was starting to get frustrated. I continued stringing him along until he finally just hung up. I figured the longer I kept him on the phone, the less time he'd have to scam someone else.

  3. #3
    Very informative article, well worth reading.

    An example being I was surprised at what apps were allowed access in the default Windows Firewall settings.
    Last edited by Trev; 2014-12-18 at 08:42.

  4. #4
    Originally posted by dpfoto:
    I received a call recently;

    I could tell he was starting to get frustrated. I continued stringing him along until he finally just hung up. I figured the longer I kept him on the phone, the less time he'd have to scam someone else.
    Another trick: If the caller asks for your credit card, tell him that you'll transfer the money directly to his credit account and ask for his credit card information. He'll probably act confused, but if you're patient and explain (gobbledegook, of course) about transferring money directly to credit accounts, you might actually get something from him before he hangs up or you have something urgent to attend to and hang up. I do not recommend doing anything with any credit card information the caller might give you, though. That's illegal.

  5. #5
    I think you left out do not use any saved backups prior to being hacked.
    myles

  6. #6
    Originally posted by Anabaptiston:
    I do not recommend doing anything with any credit card information the caller might give you, though. That's illegal.
    Actually, I recommend providing that information to the FBI: http://www.fbi.gov/contact-us/field

  7. #7
    I don't think that the HTTPS question was handled very well. If the initial handshake is interrupted--the classic Man-in-the-middle (MITM) attack--the attacker can indeed initiate an SSL connection with you on one side and then a separate SSL connection with the server you are connecting to. But the SSL certificate won't match and your browser will give you several error messages. There have been cases of certificates being improperly issued but that isn't common enough to be a major concern, and the larger sites (Google's sites, for example) use a technique called "certificate pinning", in which the certificate information is pre-loaded to your browser and your browser won't let you proceed if the information isn't valid.

    Of course, no security is foolproof.

    Certificates: Certificates need to be at least 2048 bits in order to be strong enough, and they need to be signed with SHA-256 starting in 2017; certificates signed with MD5 are already too weak to be secure, and SHA-1 is rapidly getting too weak and Chrome is starting to warn users about SHA-1 certificates that expire after 1/1/2017.

    Protocols: The SSL 2.0 and SSL 3.0 protocols are too weak to be secure, and TLS 1.0 has many of the weaknesses of SSL 3.0 as well. And how various servers implement TLS (see Heartbleed, Poodle-TLS, etc.) can also leave those insecure as well.

    Encryption: many ciphers are too weak. Anything less than 128 bits is too weak. 3DES is rapidly getting too weak but sites that want to support XP must keep it enabled. RC2 and RC4 are too weak. This leaves only AES (and it has several variants) as a secure encryption option; if someone finds a weakness in it, we are in serious trouble.

    Ideally, you will make a connection using TLS 1.2 to a server that supports AES-256 and has a pinned certificate signed by SHA-256/384/512.

    Feel free to test the sites you connect to here: https://www.ssllabs.com/ssltest/
    And feel free to test your browser here: https://www.ssllabs.com/ssltest/viewMyClient.html
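
Added example, not part of the original post or thread: a Python sketch that grades a connection against the thresholds listed in the post above (protocol, cipher, key size, signature hash). The function names, the `SAMPLES` data and the fail/warn split are assumptions made for illustration; the sample handshakes are constructed, not captured.

```python
import socket
import ssl

# Thresholds come from the post above; all names here are assumptions.
FAIL_PROTOCOLS = {"SSLv2", "SSLv3"}
WARN_PROTOCOLS = {"TLSv1"}
FAIL_CIPHERS = ("RC2", "RC4")
WARN_CIPHERS = ("3DES", "DES-CBC3")  # IANA and OpenSSL spellings of 3DES

def audit(protocol, cipher, cipher_bits, key_bits, sig_hash):
    """Return (severity, message) findings; an empty list meets the post's bar."""
    findings = []
    if protocol in FAIL_PROTOCOLS:
        findings.append(("fail", f"protocol {protocol}"))
    elif protocol in WARN_PROTOCOLS:
        findings.append(("warn", f"protocol {protocol}"))
    name = cipher.upper()
    if any(tok in name for tok in FAIL_CIPHERS):
        findings.append(("fail", f"cipher {cipher}"))
    elif any(tok in name for tok in WARN_CIPHERS):
        findings.append(("warn", f"cipher {cipher}"))
    if cipher_bits < 128:
        findings.append(("fail", f"{cipher_bits}-bit cipher"))
    if key_bits < 2048:
        findings.append(("fail", f"{key_bits}-bit certificate key"))
    sig = sig_hash.lower().replace("-", "")
    if sig == "md5":
        findings.append(("fail", "MD5 signature"))
    elif sig == "sha1":
        findings.append(("warn", "SHA-1 signature"))
    return findings

def probe(host, port=443):
    """Live handshake returning (protocol, cipher, cipher_bits).
    The default context verifies chain and hostname, so a mismatched
    certificate raises ssl.SSLCertVerificationError instead of connecting.
    Key size and signature hash are not exposed here; read them from the
    certificate with a separate tool and pass them to audit()."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            return tls.version(), name, bits

# Constructed sample handshakes (not captured from real servers).
SAMPLES = {
    "ideal": ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384", 256, 2048, "sha256"),
    "legacy": ("SSLv3", "RC4-SHA", 128, 1024, "sha1"),
}
```

`audit(*SAMPLES["legacy"])` reports the protocol, cipher and key size as failures and the SHA-1 signature as a warning; `probe()` needs network access and is not called by the samples.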

  8. #8
    I disabled all remote services on all my Windows VMs and Host OS itself. If I can't fix the issue, then it's time for a new PC. lol

    Never yet paid for PC service for myself. I suppose repairing PCs for a living for over 20 years (5 years dedicated before going helpdesk the past 2 years; now, unfortunately, in between jobs yet again) gives me a little edge.


  9. #9
    Originally posted by lylejk:
    I disabled all remote services on all my Windows VMs and Host OS itself. If I can't fix the issue, then it's time for a new PC.
    Usually a clean install would be better at this time than getting a new one and a wait for Win10 in a few months may be suitable.

    Never yet paid for PC service for myself. I suppose repairing PCs for a living for over 20 years gives me a little edge.
    Same here, started in late '94 after I retired and was offered a job in a computer store/shop.

  10. #10
    Let me clarify; of course, if the OS is repairable, then you do so first. After my last PC's CPU fan died (along with video card fan) and I replaced them both (video card twice over the 7 years I had it) and also replaced the power supply (only had that system for 1 year when that happened; I do use UPS so that's not going to keep a bad supply from failing), I decided that I would not put in one more red cent if something else goes wrong since it was showing its age. Then 2 months later, the power supply died, so now I am using a new computer (well, it's 6 months old now; lol). As for re-installing the OS, it's much better to make images of your hard drive regularly, but have to admit I've not since I purchased the new system. Most of my data is backed up and if S hits the fan, I'll recover from the built-in recovery partition since I don't really have any software that can't easily be re-installed. Still imaging is the way to go. I will need to get a terabyte drive in order to do so since my back drives are smaller than the data/OS of my current HD (biggest external drive I have is 500Gs but it's my old drive from my last computer and has a lot of data on it which is also on my current system so don't want to dedicate it for image backup); just don't need to splurge for another external drive right now.
