Q : Why should I worry?
A : As the millions of personal computers of the world move from dialup
lines to permanent connections such as DSL or cable, a vast new array of
potentially soft targets turns up on the Internet, at stable IP addresses, for
crackers to use, sometimes for fun, and sometimes to stage further break-ins.
Most normal Internet machines are designed and configured with security as a
high priority. Most of the hordes of home PCs coming online over DSL and cable
were designed to be friendly and accessible. It is a great time to be a cracker.
Q : But I have a virus tool!?
A : Today’s virus tools will not tell you that your machine has been
compromised; they will not warn you that your hard drive is visible on the
Internet, or that your FTP server has no password. An up-to-date virus scanner
on the Windows platform is vital, but it is only half the story.
Q : But... I turned off file and print sharing!!?
A : Programs you purchase or download and install are more and more
network-aware; Windows file and printer sharing is only one possible gateway
into a machine. There are 65535 different ports that a program, or part of your
operating system, can listen on. Do you know what is actually active and waiting
for connections on your PC right now?
Q : Why is a scan good security?
A : Any intruder will use a scanning tool to get an overview of your security,
either as part of a domain pass, randomly, or because they are targeting you
specifically. Anyone active on the Internet knows that as soon as you use
software that leaves your IP address in a public place, like a Usenet posting,
ICQ, ftps, MSN Messenger, Kazaa or certain shareware utilities, you will
instantly become the target of curious probes, some from machines on the other
side of the world. If you have weak security, these probes can turn into a
break-in. If you offend someone in a public forum, your machine can be crashed
or disabled by them. If this is your business, they have closed you down.
Q: I am pretty sure I am safe!?
A : Anti-Hacker System, since it started in August 2002, has run over 32,000
scans on individual machines. Only 3% of those machines received a perfect
score. 97% of them had one or more possible weaknesses; some had multiple
weaknesses. These included unneeded network services, public machine names or
usernames, guest accounts, routers with weak configuration protection, printers
visible for anyone to use and more... Are you still sure?
Q : What is in the Anti-Hacker Scan!?
A : The Anti-Hacker System includes 3 main tests:
1) a short browser check
2) a simple port scan (client security check) of the standard ports:
21 (FTP), 25 (SMTP), 80 (HTTP), 110 (POP3), 135 (Win RPC), 8080 (Proxy).
3) a privacy test of your online privacy info.
* Other Optional Scans:
4) Anti Virus Scan.
5) Anti Trojan Scan:
Back Orifice 2000, Netbus 1.x, Netbus 2.x, Subseven 1.7, Subseven 2.x,
Deep Throat 1.0, Deep Throat 2.0, Deep Throat 3.x, Sockets de Troie,
Master's Paradise, Donald Dick 1.x, WinCrash 1.x, Hack'a'Tack 2000,
and Y3K Rat 1.0.
6) Automated Penetration Scan, for web servers, domain name servers, public FTP
servers, and e-commerce servers.
7) Manual Penetration Scan, for web servers, domain name servers, public FTP
servers, and e-commerce servers.
Q: Will the Scan harm my PC?
A : The Scan will NOT Harm Your PC.
The test normally has no negative effects on the system to be tested. This
cannot be entirely ruled out, however. More tests are being prepared.
Q: How Can Companies Track Your Movements on the Internet?
A: Some sites require registration. For this demo just enter a user name. Most
sites will ask for several pieces of information such as e-mail address, phone
number, credit card number, etc.
To see the demo, 'register' at one or more of the sites and then view your
AdBusters.com profile again.
Q : What is the Taste of Cookie?
A: Try one. Then choose a different one to see how cookies can be used to
provide personalized content.
Q : What is Your email profile bank & Banner Ad Networks Opt-Out?
A: Enter your e-mail address, hit send, open your e-mail, then check your
profile again (a link will be provided in the e-mail). The e-mail must go to
the same computer used for the demonstration to work. Even if the cookie is not
read (such as being blocked by privacy software) the web server will still
detect the request and will record your IP address. By giving each user a
unique URL, the user's IP address can be linked to the e-mail address even
though it would not be seen in this demo. Note that a user can still be traced
without ever sending a single e-mail ... just by opening the e-mail that is
received.
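
The tracking-on-open mechanism described above can be checked for on a received
message. The following Python code is an added example, not part of the
original FAQ or of the Anti-Hacker System: it lists the remote resources an HTML
e-mail fetches when it is opened and flags URLs that carry a unique-looking
value. The sample message, its hosts and the 16-character token heuristic are
assumptions made for the illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample message; every address, host and token here is made up.
SAMPLE = """\
From: news@shop.example
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello!</p>
<img src="https://shop.example/img/logo.png" width="120" height="40">
<img src="https://ads.example/o/open.gif?u=3b1d5f7a9c2e4f6a8b0c" width="1" height="1">
<a href="https://shop.example/profile?u=3b1d5f7a9c2e4f6a8b0c">Your profile</a></body></html>
"""

# Tag -> attribute that a mail client fetches by itself when rendering the message.
AUTO_LOAD = {"img": "src", "link": "href", "iframe": "src", "video": "poster"}
# Heuristic (assumption): a long opaque value is a per-recipient identifier.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{16,}$")

class RemoteFetchFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # (tag, url, attributes) of every auto-loaded remote URL

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(AUTO_LOAD.get(tag, ""))
        if url and urlsplit(url).scheme in ("http", "https"):
            self.found.append((tag, url, attrs))

def unique_tokens(url):
    """Query values and path segments that look like a unique identifier."""
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query)]
    values += [seg.rsplit(".", 1)[0] for seg in parts.path.split("/") if seg]
    return [v for v in values if TOKEN_RE.match(v)]

def audit_email(raw):
    """List each resource fetched on open and whether its URL can identify the reader."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            finder = RemoteFetchFinder()
            finder.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for tag, url, attrs in finder.found:
                # A 0x0 or 1x1 image is the classic invisible tracking pixel.
                tiny = tag == "img" and {attrs.get("width"), attrs.get("height")} <= {"0", "1"}
                findings.append({"url": url, "tokens": unique_tokens(url), "tiny": tiny})
    return findings
```

The link in the sample is not reported because it is only requested when the
reader clicks it; the 1x1 image is requested as soon as the message is displayed.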