3 Tools that Hackers Use to Assault Your Computer

by

The best defense is a good offense. Security experts are expected to not only know how to keep your computers safe, but how a computer could be unsafe. It’s really the only way to keep up with vulnerabilities and threats. Here are three tools that can be used to break into your computer.

Fuzzers

A fuzzer is a kind of program that seeks to crash another program based on inputs. Think of it in terms of a sweater: it starts smooth, but as time goes on it becomes fuzzier. Fuzzers have legitimate uses, too: like many other tools that hackers use, security auditors can use them to discover vulnerabilities and issue patches accordingly. There’s a very technical blog article which talks about using fuzzers to create images from scratch. For fun, here’s an animation that shows a fuzzer trying to generate its own logo.

time lapse of fuzzed input

american fuzzy lop’s logo stitched together from fuzzed input.

Rainbow Tables

If you’re doing good security, then your passwords are stored in an encrypted format. That means that the way it is stored is not the same as how you type it in. So, in order to retrieve passwords, having the secure versions of them isn’t good enough. A rainbow table is a very large file, containing hundreds of thousands of potential passwords. They are text files, but they are a thousand times larger than a regular document, unless your document is somehow longer than the Affordable Care Act and the Dodd-Frank Law put together. Using a rainbow table takes a while, but it is easy. Just a simple script – a list of computer instructions that are run – and you can compare the useless, encrypted password with hundreds of thousands, or potentially millions, of potential matches. If you have a ton of passwords, like if you’ve made off with someone’s user database, you’ll probably have some number of hits.

If you are concerned that your password has been leaked, I invite you to check out this tool, which compiles publicly-leaked information and tells you if your email address or user name is in it. My email address is out there, as a result of leaks from Adobe, Yahoo, and a video game forum.

Buffer Overflow

This is a pretty common vector. Basically, computers have limited amount of memory – who hasn’t experienced a total freeze because a program decided it wanted ALL the memory available? This is just a bit more insidious. Because computers have limited memory, when a program is run it is given a certain amount of memory. A buffer overflow occurs when memory outside of its pool is accessed. Normally, the operating system will assign it more memory when it’s running low, but it is possible to skip over that process and see what’s next. Say you start your web browser, like Firefox. Earlier, you started up a compromised program that is vulnerable to buffer overflows. While that program is chugging along, someone initiates the overflow, and suddenly that program is accessing Firefox’s assigned memory! In effect, this is an attack that breaks a common expectation, that a program only does its own thing and doesn’t interfere.

Buffer overflows are solved all the time – we can manage your updates with our Premium tier of remote management software. $5 a month and you don’t have to worry about out-of-date software breaking your computer.

How to End the Threat of Social Engineering

by

Ok, so what is social engineering? Social engineering is a special kind of cyberattack where the attacker doesn’t have to gain access to your systems first. Instead, they pretend to be someone trustworthy in your organization and just ask employees for the information they need to hurt you. They can spoof email or gain access to the phone systems, but at the end of the day the attack vector is not through technology, but through people. Great, so how do you stop them? The short answer is education. The longer answer is below.

[Read more…]

Why Do Hackers Want MY PC???

by

A hacked computer can be worth a lot. Think about it: under your desk, on your lap, or even in your pocket, there’s as much computing power as there used to be in an entire room full of hot, heavy machinery. You use your devices to connect to the internet, perform calculations, store information, and a thousand other things that you probably don’t even realize. If you are familiar with the inner workings of modern computers, then it may not be as big of a surprise as this is to other people. But any general purpose computer is a powerful piece of hardware, and if you can make it work for you, the return on investment can be thousands of times the risk you take as a hacker.

The simplest reason someone would want your computer is for your data. If you use the internet for anything important (and what’s important to a hacker might not be that important to  you), then it’s probably got a lot of stored passwords. Or, they can install a keylogger to capture the passwords as you type them in. It doesn’t matter if you’re hacked. They can use your Facebook or other social media accounts to extract money from people you know, like the case of a fellow who got his account hacked and the hacker told his grandmother that he needed money for bail in a foreign country. Naturally, he was still at home, and answered her phone call when she called to see if it was true. Banking passwords are obviously valuable, since a hacker can get your money directly with those. But, any password or file could be used to get personally identifying information to initiate identity theft. With that out of the way, we can talk about some of the more esoteric things that can be done with access to your machine.

You have an internet connection, right? How much more valuable is your computer to you having access to the internet? It’s an insane amount of value. To the point that you are legitimately and justifiably upset if you don’t have internet access. Simply put, anything you can do, a hacker can do, and anything you don’t know you can do a hacker can still do. They can use your machine to route internet traffic and obfuscate criminal activity. They can do this, sometimes, even without full access to your machine. They can hack a web page, again without full access, to tell your computer what to do. This isn’t necessarily dangerous in the sense that losing data is, but it still feels gross to be used in this way. You might never know they’re doing this, either, because the computer may still be usable with little change in performance. If they have full access to your machine, they can do more – use it as a personal vault for stolen data, or take its computing power and use it with a number of other hacked machines to carry out destructive acts and harm businesses with your processing power.

Maybe your reputation is worth something. You might own a business in a competitive market, you might be a Fortune 500 CEO, you might be a community leader. A hacker with control of your PC can get your social media passwords and say things in your name that you would never say. Maybe you’re just a regular person, with no special access to anything, but a hundred or so friends. A bad actor could use your page to share a link to a web site that just so happens to be full of viruses. Part of your internet security plan should be not clicking on weird links posted by your friends. If you don’t know the provenance of the link it could do you some harm. Lastly, a hacker might make you follow a fake page, again with the intent of spreading other sorts of malware.

Lastly, maybe your reputation, social media, computing power, and data aren’t worth anything to a particular hacker. They just want to extort you. With access to your machine, they can encrypt your hard drive (usually a good thing, when you have the password to decrypt it) and hold your files hostage. They can do the same with your email or any other sort of account. No access, they’ll say, unless you pay up. This is called ransomware. It’s become very popular, and people need to be educated on it. You can avoid it, though. You might have The Computer Specialist keep your data safe and just restore your machine to before the infection. This is why crisis plans are so important. Sometimes you take files for granted, which is forgivable for a home user. A business losing customer data? That’s pretty bad. It doesn’t matter who you are, ransomware can strike. They’ve attacked colleges, individuals, politicians, and even hospitals.

Contact us today to learn what you can do to prevent this from happening to you! You can also book an appointment or view our services.

Cyber Risk for Small Businesses

by

Cyber risk is the risk of damage due to failure in your information technology systems. It covers finances, reputation, and disruption of any kind. It’s not a new concept, but it seems to be regarded by many as something for big businesses to worry about. Just think: how would your customers and employees feel if some or all of your confidential information was leaked? It’s a nightmare scenario, but so many small businesses don’t think it concerns them. I’m not a big target, they think. I don’t need to worry that much about cyber security. That’s the wrong way to think about it.

[Read more…]

VISIT US

FOLLOW US

The Computer Specialist

405-627-3168
218 1/2 East Main St. Suite "B"
 Norman, OK 73069

Testimonials

  • Over the last twenty years I have served both small and large business clients as a contract accountant. When there has been a need for computer technical assistance in these offices or in my own business office, I have used John Williams, dba The Computer Specialist. I have found that he makes himself available to... Read More
    Kathy F
  • John spent several hours setting up my new home computer system. He took out the hard drive and installed a 500GB SSD. He needed some special installation pieces and went to a local source without billing me for his travel time there and back. He did a great job and I have his number in... Read More
    Dr. Robert G
  • We've been very impressed with the whole process of top to bottom site system security monitoring of our computers as well as the installation, maintenance, and upgrades done with our surveillance platform for our commercial property. From consulting to quote to execution and beyond we have been very pleased with every aspect of the business!... Read More
    Andrew R.
  • very nice man to deal with, came a day earlier than he said he would. gave me a call to let me know. he did a great job and it looks very nice as well. I now have internet in my shop as fast as in my house. thanks John for a job well done Read More
    Gary H.
  • You recommended them. They picked up my computer and determined the hard drive crashed. They replaced it and were able to save all my docs and photos. Extremely pleased. Read More
    Larry C.