I completely agree with pwnz that is what i ment. i mean if they can prove they know how to do it like that and do things (bad or not..) which oher people havent.

If someone for insance wrote a virus which copied the SAM database in windows and then when the user goes online it sent it to a rremote server which then dcrypted it, it would mean the hacker/cracker/virus maker
would expose a great security risk
[and of course have access to their pc.]

and before anyone says it
The SAM database is the file which store the users and their passwords for windows.
when windows is running it is locked and is unaccessable (its in c:/windows/system or system32) and can only be accessed before windows starts.
which is why programs such as loginrecovery boot from disk and copy it to the disk because windows hasnt started and the file is unlocked.

And yes, LM and NT can be dcrypted, with login recovery you uplaod the file (or type it in if u used cd) and their server then dcrypts it within 10 minutes (usually)

a scary thought?

also there are ones where you can put it in boot from disc
and watch and wait while it decrypts on your pc.

dan


Dan

Dan,

For the sake of the world give up your interest in how virii work. Imagine this scenario (which is not very unlikely). You are experimenting with virus writing on a disconnected computer, of course, your responsible and would never connect this computer to the network. However, you overlook the fact that your system is set up to automatically connect to any available wireless network without notification. Your virus does it's job and, oops, you've just mistakenly infected half the world with some nasty virus.

While you do have some plausible deniability if you cause enough damage you will pay a heavy price, most likely fines (which will be billed to your parents and will most likely break them financially) and jail time.

The point is that while were all sure your a very clever and intelligent person, we all make mistakes and it is our responsibility within our global community to make wise and self restraining decisions in order not to harm others.

Quote:

Originally Posted by Pwnz_You

Actually being able to create something that exploits a bug is proves you are obviously a good coder (except if you use other peoples exploits ect) And shows you know the ins and outs of a system. Creating a program that doesn't exploit something is still good. But in my world being able to create something that exploits a bug is very good. Especially if it goes undetected.

No, it proves nothing other than that the coder in question is an angry delusional socially-challenged freakshow with too much free time on his/her hands.

A good coder spends his/her time coding things that are actually of some use to people. (S)he wouldn't waste his/her time hacking and exploiting things because they ultimately provide no benefit in most cases. Viruses, spyware and other such nasties cost people time, money and grief to deal with and never provide them with anything beneficial.

It's people that think like you that really need to shove a pound of butter up their asses so they can dislodge their heads.

Quote:

Originally Posted by Learning Newbie

You sound like an apologist for digital crime and thuggery.

No, I just have my ethics right.

I read that 3Com, a well known communications hardware producer, hires hackers to try to hack through it's security. Once they penetrate, the hacker tells the hardware designers how he did it do they can patch that hole up.

There is a difference between finding software vulnerabilities and then creating programs that specifically exploit them. Finding vulnerabilities is usually pretty hard, you have to have the right kind of mind to do something like that. Just like programming in general often requires a certain way of thinking, so does hacking them apart.

The ones who actually exploit the found vulns are a different type of person, very few of them would have actually found the vulnerability themselves. So saying they are "obviously a good coder" isn't quite right. Given some knowledge of how computers work, many not-so-good coders can take information from a security bulletin and create a program that exploits the described vulnerability.

If the person wanted more then mere fame or infamy status, then the responsible thing is to report the vulnerability to the publisher.

Quote:

I read that 3Com, a well known communications hardware producer, hires hackers to try to hack through it's security. Once they penetrate, the hacker tells the hardware designers how he did it do they can patch that hole up.

Yeah a lot of big companies do pentests. That'd be a pretty interesting job, eh?

Quote:

Originally Posted by Harper

Curious question for anyone who wants to help either confirm or quash this weird rumor I heard.

Someone told me recently that a lot of viruses are actually produced by Symantec in order to keep them in business. Anybody think there's any truth to that? Sounds like an urban legend more than anything, but I've heard of companies creating problems that they can create solutions for.

Mike

Heard that one too. But I think it's hackers who have a lot of time on their hands.

Something i always find funny is when people think they are "sticking it to the man" when they break peoples computers with a virus, But what these idiots don't understand is how many thousands of extra copies of windows have been purchased thanks to their actions.

They aren't so much "sticking it to the man" as they are filling the mans pockets with money.

It's also worth pointing out that the people who find flaws in code are never the ones who use it to do something malicious. Smart people find the flaw, Idiots use it.