So I'm Using Someone Else's Connection...

[Crispy's Critter]

Quote:

Originally Posted by photon

It's a tool that's probably pretty easy to get and use. It kind of depends on what the hacker is trying to accomplish though as to if they'd want to use it. Get a trojan on your computer so they can use it as a zombie to attack other computers? Probably not. Steal your World of Warcraft account info so they can take your stuff? Definately. There's usually much easier ways though to do most things hackers want to do, why go to the bother of hacking an individual computer when you can just send out dumb emails laden with phishing and trojans and keyloggers and eventually someone will click on them.

yea, probably just my fears stemming from '80's hacker movies coming to the forefront

Same reason I don't go swimming in fear of rubbery looking mechanical sharks

[4X4]

Quote:

Originally Posted by photon

Leaving it unsecured does open your computer up to theoretical hacking from outside.

If a neighbour uses it and puts you over your limit and Shaw cancels your account you have no recourse, or if they do something illegal on your account it could still be a problem. Securing it is trivial, so it's worth doing.

OK. Looks like I'll be posting a thread about securing my network in the next few days...

[Dan02]

I leave mine unsecured as well, however, if you do that make sure you change the passwords on your router so it doesn't get hijacked on you

you're computer is much more likely to be "hacked" by something you download, then someone on your network. The only real drawback is that if someone is using your connection for downloading/uploading large amounts of data. Then you might have issues with Shaw.

[Hack&Lube]

Quote:

Originally Posted by Crispy's Critter

yea, probably just my fears stemming from '80's hacker movies coming to the forefront

Same reason I don't go swimming in fear of rubbery looking mechanical sharks

Keyloggers are common, often they are disguised as other files you download and with the popularity of torrents, they are often hidden in the torrents or made as fake torrents. Luckily those get spotted and filtered out by the nature of people sharing everything pretty quickly but sometimes they remain. If you run the program by accident, it sets up a keylogger on your computer and tries to find or open ports whereby it can establish an IRC connection to send out the log of all your keystrokes to steal account numbers, passwords, etc.

[icarus]

Quote:

Originally Posted by 4X4

Back door trojan? I don't like the sound of that.

That's not what I heard...

[Crispy's Critter]

Quote:

Originally Posted by Hack&Lube

Keyloggers are common, often they are disguised as other files you download and with the popularity of torrents, they are often hidden in the torrents or made as fake torrents. Luckily those get spotted and filtered out by the nature of people sharing everything pretty quickly but sometimes they remain. If you run the program by accident, it sets up a keylogger on your computer and tries to find or open ports whereby it can establish an IRC connection to send out the log of all your keystrokes to steal account numbers, passwords, etc.

hmm, ok that's what I am most afraid of. So are there free progs out there that can block this? Or something I can set up in windows firewall or something to prevent it? Gonna go do some research. Thanks H&L.

*edit* OK in just a few minutes research I found this:

Quote:

Keylogger prevention

Currently there is no easy way to prevent keylogging. In the future it is believed that software with secure I/O will be protected from keyloggers.[citation needed] Until then, however, the best strategy is to use common sense and a combination of several methods.

But they do go on to tell you some of the methods to use, most of it stuff most people are running on their machines already, such as firewalls and anti-spyware utilities, so that's cool.

http://en.wikipedia.org/wiki/Keystroke_logging

(wiki isn't the most reliable source on most things, but this seems decent enough)

[photon]

Some firewall programs (not the Windows one) will monitor outgoing traffic as well and block network communications that you don't want, or at least alert you to them to ask if you want to accept or not. They're kind of intrusive and take a while to train properly though.

A good antivirus program will also scan for keyloggers by their behaviour and not just by a specific program name or signature.

[cSpooge]

Quote:

Originally Posted by Dan02

I leave mine unsecured as well, however, if you do that make sure you change the passwords on your router so it doesn't get hijacked on you

you're computer is much more likely to be "hacked" by something you download, then someone on your network. The only real drawback is that if someone is using your connection for downloading/uploading large amounts of data. Then you might have issues with Shaw.

the problem arises when someone uses your connect you are responsible for ALL traffic that goes through there. So if someone is leeching your network to look at child porn... you're the one who get hit with it.

When you secure your network use WPA2 like was previously mentioned. WEP has no security what so ever anymore since anyone can break it in under a min. Also change the default login on your router. You would be surprised with how many people don't do this.

[4X4]

I think the guy keeps booting me off. Is that possible? If so, and the guy is doing it, why doesn't he just secure his network?

[ken0042]

Quote:

Originally Posted by photon

Leaving it unsecured does open your computer up to theoretical hacking from outside.

If a neighbour uses it and puts you over your limit and Shaw cancels your account you have no recourse, or if they do something illegal on your account it could still be a problem. Securing it is trivial, so it's worth doing.

Just to add onto this. When I set up people's wireless networks I explain to them why it should be secured; and I use the example of child exploitation. Somebody could use your unsecured wireless network to download pictures, and then the police show up with a warrant. Even after they find your computer clean you'll still be known in the neighbourhood as the "sick ."

Or even worse. They find your unsecure network, and set up a file sharing site that uses some of your hard drive space to host the images. Now when the police come to your house they find the computer with the images on it.

As Photon said, securing your network is pretty easy to do, and can prevent so many issues.

[llama64]

Quote:

Originally Posted by 4X4

I think the guy keeps booting me off. Is that possible? If so, and the guy is doing it, why doesn't he just secure his network?

Chances are it's just a weak signal or the signal gets washed out by interference. If the guy/girl is smart enough to bump you off the router, they would be smart enough to lock it down.

[ken0042]

Quote:

Originally Posted by 4X4

I think the guy keeps booting me off. Is that possible? If so, and the guy is doing it, why doesn't he just secure his network?

Depends on how he's booting you off. The new Shaw modems have a power switch on them; some people shut them off when they are done. Or his router could be on a power bar and when he's done with his PC he shuts it off as well. It could also be interference; my previous neighbour's cordless phone would kill my wireless network every time they used it; no matter what channel I set my network to.

[photon]

Lol yeah, I had a phone that was like that, changed to the 5.8GHz phone after that.

I also lost my wireless whenever we turned the microwave on. It was pretty close to being between the laptop and wireless router tho.

[Dan02]

Quote:

Originally Posted by cSpooge

the problem arises when someone uses your connect you are responsible for ALL traffic that goes through there. So if someone is leeching your network to look at child porn... you're the one who get hit with it.

Yeah, not really. Shaw will hold you responsible for anything that goes through your connection, but their not the ones who would be concerned with what you're doing online as long as you're not blowing through their bandwidth or sending out spam emails.

Legally, in particular with your child pron references, if they traced it through your connection they might confiscate your computers on that network and see whats on them but if they don't find anything just like you say then that's the end of that.

Quote:

Originally Posted by 4X4

I think the guy keeps booting me off. Is that possible? If so, and the guy is doing it, why doesn't he just secure his network?

he could do it, you can terminate wireless sessions through the router.

[gottabekd]

Quote:

Originally Posted by 4X4

So I'm safe? I can open my email? Facebook? I just don't want personal crap to be readable by strangers. Unless they offer me candy. KnowwhatI'msayinnnn?

Just to clarify about this...

Unless the website is over HTTPS (indicated in the address bar, or by the lock icon), it is fairly trivial for anyone within range of the router--not only the router owner--to see any information you post online (including passwords). So your facebook, possibly email, others are all broadcast in plaintext, and easy to sniff.

If the website IS https (like your bank), you are pretty safe. As indicated, the only thing you have to worry about in this case is if your machine is compromised. The data over the line is safe though. If anyone intercepts it, it is computationally unfeasible to decrypt it.

[Berger_4_]

I leave mine unsecured. Of course, our closest neighbours are like half a mile away, so I think I'm okay.

[Dan02]

Quote:

Originally Posted by gottabekd

Just to clarify about this...

Unless the website is over HTTPS (indicated in the address bar, or by the lock icon), it is fairly trivial for anyone within range of the router--not only the router owner--to see any information you post online (including passwords). So your facebook, possibly email, others are all broadcast in plaintext, and easy to sniff.

If the website IS https (like your bank), you are pretty safe. As indicated, the only thing you have to worry about in this case is if your machine is compromised. The data over the line is safe though. If anyone intercepts it, it is computationally unfeasible to decrypt it.

which is why you don't use the same password for your banking and stuff as all your other stuff like CP

[4X4]

Quote:

Originally Posted by gottabekd

Just to clarify about this...

Unless the website is over HTTPS (indicated in the address bar, or by the lock icon), it is fairly trivial for anyone within range of the router--not only the router owner--to see any information you post online (including passwords). So your facebook, possibly email, others are all broadcast in plaintext, and easy to sniff.

If the website IS https (like your bank), you are pretty safe. As indicated, the only thing you have to worry about in this case is if your machine is compromised. The data over the line is safe though. If anyone intercepts it, it is computationally unfeasible to decrypt it.

I don't know how, but one day I will work that sentence into a conversation. That line makes Data sound like a slobbering idiot.

[Madman]

Quote:

Originally Posted by Crispy's Critter

hmm, ok that's what I am most afraid of. So are there free progs out there that can block this? Or something I can set up in windows firewall or something to prevent it? Gonna go do some research. Thanks H&L.

If you use Firefox, you can download an Add-on called KeyScrambler.

"When you type on your keyboard, the keys travel along a path within the operating system before it arrives at your browser. Keyloggers plant themselves along this path and observe and record your keystrokes. The collected information is then sent to the criminals who will use it to steal from you.

KeyScrambler defeats keyloggers by encrypting your keystrokes at the keyboard driver level, deep within the operating system. When the encrypted keystrokes reach your browser, KeyScrambler then decrypts them so you see exactly the keys you've typed. Keyloggers can only record the encrypted keys, which are completely indecipherable."

https://addons.mozilla.org/en-US/firefox/addon/3383

[mykalberta]

The only thing to be worried about is traffic sniffers. Encryption is only as good as the trust between client and host.

If the owner of the connection was deviant he/she could have that setup and after time break the bank encryption.

You either have an idiot user with an open WIFI or deviant user who thinks they are an elite computer user hoping some sap will use his/her connection so that they can sniff the traffic.

Try logging on to the router (DISCLAIMER simply using the Internet connection isnt illegal, this crosses that line from safe to a merky area of law) 192.168.1.1 by default (you can tell normally based on your DHCP Class C Range).1 Check to see if there are any ports forwarded and if so to what address.

My router allows me to bidirectionally forward traffic from any user to specific ports. I then have sniffers setup on those ports. I cant be bothered any more to dabble in that sort of thing now that I have a secure VPN router to my home.