:wtf: I get home and a search (in windows) is open for "paypal"

Discussion in 'OT Technology' started by n2_space, Jun 18, 2006.

  1. n2_space

    n2_space Space > *.*

    Joined:
    Jan 14, 2002
    Messages:
    4,529
    Likes Received:
    0
    Location:
    Indy
    My wife and I have been gone, and I get home, and an explorer window is open with a search of my hard drives for "paypal". I think I am going to reformat... Has anyone else ever seen anything like this? :hsugh:
     
  2. PC Principle

    PC Principle New Member

    Joined:
    Mar 12, 2004
    Messages:
    64,143
    Likes Received:
    0
    Someone may have a remote connect program on your computer. :dunno:

    Netbus?
     
  3. n2_space

    n2_space Space > *.*

    yep and nope...
     
  4. n2_space

    n2_space Space > *.*

    no one should... I'm backing up and reformatting. I'm pretty diligent about my stuff, password protected and shit, but this is just odd...
     
  5. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Stupid question but, a) Do you use Paypal? and b) Have you checked the account? c) Should prolly close it just in case.
     
  6. n2_space

    n2_space Space > *.*

    wife has one, not used, but closed it anyway.

    I know what happened now. VNC security flaw was discovered last month, someone got in there. I checked the event log and someone was on during that time. IP address traces back to Amsterdam. If you guys are using REALVNC and aren't at 4.1.2, upgrade NOW.
     
  7. Corp

    Corp OT Supporter

    Joined:
    Sep 11, 2003
    Messages:
    28,201
    Likes Received:
    0
    Location:
    Providence, RI
    is this only real vnc or any of the programs that use vnc?
     
  8. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    VNC is shitty. I feel sorry for anyone still using it. If you need remote access, use Remote Desktop.
     
  9. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Thx for the update. Just goes to show you it's not just MS that can create security holes - the more popular a product becomes, the more attention it gets from hackers.
     
  10. lazyjk

    lazyjk Uncle Sam wants you for the NEW Freedom Fighters!!

    Joined:
    Sep 26, 2005
    Messages:
    5,168
    Likes Received:
    0
    Location:
    Lewistown, Mt
    It was probably the cat just walking on the keys :dunno:
     
  11. n2_space

    n2_space Space > *.*

    Have no pets
     
  12. n2_space

    n2_space Space > *.*

    RDC is slower than balls IMO :dunno:
     
  13. n2_space

    n2_space Space > *.*

    Just Real VNC.
     
  14. P07r0457

    P07r0457 New Member

    faster than VNC.
     
  15. n2_space

    n2_space Space > *.*

    Not in my experience at all :hs:
     
  16. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    only reason i use VNC is cause i can tunnel it through an ssh session.

    also, good tip, have it self lock your computer once you log out. but then i'm anal and always lock my computer whenever i'm not at it.
     
  17. P07r0457

    P07r0457 New Member

    you're doing something wrong, then... VNC is slow as dogshit compared to RDC. It's actually pretty-well-documented online, as well.
     
  18. EvilSS

    EvilSS New Member

    Joined:
    Jun 11, 2003
    Messages:
    5,104
    Likes Received:
    0
    Location:
    STL
    That's not a good idea either for access in from outside the firewall. RDP uses a very well known port and anyone can pound on the administrator account on an XP machine till the end of time. Even if you move the port a port scan will quickly turn it up (it's easy to identify from its initial handshake).

    Services like GoToMyPC and LogMeIn (free!) are a better choice. Since there are no open ports you can't scan for it.
     
  19. P07r0457

    P07r0457 New Member

    I disagree. I manage windows servers and all we use is TS/RDC. Been doing it since 1999 and never had one compromised. And we're talking highly-available, highly-publicized web servers... Not just joe-shmoe's home box.
     
  20. EvilSS

    EvilSS New Member

    That's a very poor security design. It's the equivalent to putting a kb/mouse/monitor for the server outside on the street. Just because you have "never had one compromised" doesn't mean it does not happen. Not to mention you probably rename the admin account and harden the passwords. How many home users do that?

    It's foolish to expose a direct desktop login to the world when it's not necessary, especially for a non- or semi-technical home user. I'm sure there are plenty of people who have never had their VNC services compromised. Yet the thread starter did.

    There are plenty of secure access controls that just about anyone can use these days.

    I've seen systems compromised through exposed RDP and ICA logins. All it takes is an administrator who is not totally familiar with how to secure it or too lazy (or arrogant) to do it and a compromised login account.

    I'm willing to bet you (and most admins) didn't know that both Microsoft RDP and Citrix ICA clients provide enough API exposure to allow for automated dictionary attacks against a login ID. Now, considering that by default the administrator account will not lock out after any number of bad password attempts, does it really seem like a good idea to expose it to the entire world?
     
  21. Penguin Man

    Penguin Man Protect Your Digital Liberties

    Joined:
    Apr 27, 2002
    Messages:
    21,696
    Likes Received:
    0
    Location:
    Edmonton, AB
    This is true.

    However, OpenSSH has 88% of the SSH market and has (to my knowledge) _never_ suffered from a major security hole (there have been some minor ones for sure, but they get fixed very quickly). It's proof that with a proper development and testing process, you can write hole-free software.
     
  22. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Who is putting RDP on the internet directly!? VPN tunnel first, then RDP. Plus, if you're not smart enough to rename the admin account to something other than administrator, you really are an idiot.

    I'm not sure what hit me, I'm sounding like Jolly now :eek:
     
  23. n2_space

    n2_space Space > *.*

    Over the net? I've followed everything I've seen on RDC and it runs slower than shit. VNC has been quite quick for me.
     
  24. n2_space

    n2_space Space > *.*

    Not me.

    I have a different account with a password. VNC was password protected as well. Just didn't know about the recent hole in VNC. I upgraded to fix the hole, changed the port, changed the password, and restricted it to only accept my internal IPs and my work IP. Only places I really use it anyway. Got a couple more pings last night, but they couldn't get in :)
     
  25. P07r0457

    P07r0457 New Member

    I did know that... But we rename all admin accounts, enforce strict password complexity requirements, and set the lock-out to 3 tries within 15 minutes.
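
Added example (not part of the thread and not any poster's code): a small Python log review that combines two measures mentioned above, the source-address restriction n2_space describes and the lock-out of 3 tries within 15 minutes that P07r0457 describes. The log format, addresses, account names and the `ALLOWED` list are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a made-up format: timestamp, source, account, result.
SAMPLE_EVENTS = """\
2006-01-10T21:02:11 192.168.1.20 home ok
2006-01-10T23:40:05 203.0.113.77 home fail
2006-01-10T23:41:10 203.0.113.77 home fail
2006-01-10T23:52:30 203.0.113.77 home fail
2006-01-11T00:05:00 203.0.113.77 home ok
2006-01-11T08:15:42 198.51.100.9 home ok
2006-01-11T09:00:00 198.51.100.200 guest fail
"""

# Assumed allowlist: the internal LAN plus one work address (documentation ranges).
ALLOWED = [ipaddress.ip_network("192.168.1.0/24"),
           ipaddress.ip_network("198.51.100.9/32")]

def parse(text):
    """Yield (timestamp, source address, account, result) per non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, src, account, result = line.split()
            yield datetime.fromisoformat(ts), ipaddress.ip_address(src), account, result

def review(text, max_failures=3, window=timedelta(minutes=15)):
    """Return (events from non-allowlisted sources, lock-out triggers)."""
    outside, lockouts = [], []
    recent = defaultdict(deque)           # account -> recent failure times
    for ts, src, account, result in parse(text):
        if not any(src in net for net in ALLOWED):
            outside.append((ts, str(src), account, result))
        if result != "fail":
            continue
        failures = recent[account]
        failures.append(ts)
        while ts - failures[0] > window:  # drop failures older than the window
            failures.popleft()
        if len(failures) >= max_failures:
            lockouts.append((ts, account))
            failures.clear()              # counter restarts after a lock-out
    return outside, lockouts

if __name__ == "__main__":
    outside, lockouts = review(SAMPLE_EVENTS)
    for event in outside:
        print("outside allowlist:", *event)
    for ts, account in lockouts:
        print("lock-out threshold reached:", account, "at", ts)
```

A successful logon in the "outside allowlist" output is the case worth investigating first; failures from outside only show that the service is being probed.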
     
