Hacking: Updated Script To Remove Hidden Shares.
The Sources Of Hacking.

It seems I've experienced more hacking in the last several months than in all my time on the Internet before. Consequently, I've spent more time than I have to spare writing firewalls and scripts to protect my computers from intrusion.
I'm not sure if this results from a round with a local computer certification school (who assigned me on-line training), or if it's just a new political climate, but generally, attacks on your person come in equal proportions from a source who either knows you personally or knows of you, and from sources who do not. It's also true there are some hosts out there who are running 'bots' (robot intrusion programs). To differentiate between the two, one has to look at the ability of the intruder to adapt to the defenses you put up. In any case, because I empathize with others in my position, I feel moved to share some of what I've learned about protecting my systems with other users like myself who bought a computer to use for personal productivity, more than to spend all their time defending themselves against hacking invasions. Previously, data security was simply a matter of keeping one's anti-virus, firewall and operating system updated. Nowadays, BITS and faux updates are tools of the hackers' trade, so updates have to be approved and effected manually.
Computer Training.
I'm a long time Windows (DOS, etc.) user, computer and network technician, and part-time administrator. After many years, I have finally decided to seek these I.T. certifications which are now seemingly requisite to employment. Apparently, however, I have to become completely proficient in writing router code (more about this later) and defensive Windows configurations before I can even get to the Windows certification test. Even though I'm running out of time, I'm trying to learn as much as I can about how these intrusions came about and how to prevent them in the future. For many, whose configurations have not been tested in such a way, I doubt they really know just how effective their configurations are. In any case, if you're considering on-line certification training, this might well be one of the points that you should take into consideration.
I'll try to share what I think others may find useful in defending their computers and personal networks.
rem ******************************************
rem ******************************************
rem ******************************************
rem
rem When running this batch file through
rem Task Scheduler, it is necessary to tick
rem "Run with highest privileges"; otherwise
rem the batch file will have no effect.
rem You should be logged on as an
rem administrator in order to configure
rem the scheduled task.
rem
rem ******************************************
rem ******************************************
rem ******************************************
net share users /delete
net share users$ /delete
net share admin$ /delete
net share a$ /delete
net share b$ /delete
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share g$ /delete
net share h$ /delete
net share i$ /delete
net share j$ /delete
net share k$ /delete
net share l$ /delete
net share m$ /delete
net share n$ /delete
net share o$ /delete
net share p$ /delete
net share q$ /delete
net share r$ /delete
net share s$ /delete
net share t$ /delete
net share u$ /delete
net share v$ /delete
net share w$ /delete
net share x$ /delete
net share y$ /delete
net share z$ /delete
rem ******************************************
rem ** Disable shares enabled in the GUI
rem ******************************************
net share a /delete
net share b /delete
net share c /delete
net share d /delete
net share e /delete
net share f /delete
net share g /delete
net share h /delete
net share i /delete
net share j /delete
net share k /delete
net share l /delete
net share m /delete
net share n /delete
net share o /delete
net share p /delete
net share q /delete
net share r /delete
net share s /delete
net share t /delete
net share u /delete
net share v /delete
net share w /delete
net share x /delete
net share y /delete
net share z /delete
rem ******************************************
rem ******************************************
rem ******************************************
rem
rem The following commands enable and start
rem the Windows Task Scheduler.
rem
rem Since posting this batch file, I find
rem the Task Scheduler is another of the
rem services that just seem to magically
rem get stopped.
rem
rem If you have access to group policy,
rem Computer Policy, Windows Settings,
rem Scripts, Startup, you can configure
rem this batch file to run when Windows
rem starts up. Else, and additionally,
rem you can add this batch file to users'
rem startup routine:
rem %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
rem using the runas command to run it as an
rem administrator.
rem
rem You can also put a link on your desktop
rem and run the batch file manually at will.
rem
rem ******************************************
rem ******************************************
rem ******************************************
sc start Schedule
sc config Schedule start= auto
rem ******************************************
rem ******************************************
rem ******************************************
rem
rem The following commands enable and start
rem the Windows Error Reporting Service.
rem
rem Stopping this service seems to be one
rem of the first things an intruder wants
rem to do, since what happens thereafter
rem will not be recorded in the system logs.
rem
rem Adding these lines to a recurring
rem batch or .cmd file which runs frequently
rem might give you a chance of finding out
rem what the intruder did to your system.
rem
rem
rem ******************************************
rem ******************************************
rem ******************************************
sc start WerSvc
sc config WerSvc start= auto
sc start WecSvc
sc config WecSvc start= auto
rem ******************************************
rem ******************************************
rem ******************************************
rem
rem The following commands disable and stop
rem the Windows Remote Management Service
rem (WinRM), the service that accepts remote
rem PowerShell sessions and remote command
rem execution on this computer.
rem
rem Stopping this service seems to be one
rem of the first things an intruder wants
rem to do, since what happens thereafter
rem will not be recorded in the system logs.
rem
rem Adding these lines to a recurring
rem batch or .cmd file which runs frequently
rem might give you a chance of finding out
rem what the intruder did to your system.
rem
rem
rem ******************************************
rem ******************************************
rem ******************************************
sc stop WinRM
sc config WinRM start= disabled
rem ******************************************
rem ******************************************
rem ******************************************
rem You can disable Windows' Remote Desktop
rem and Remote Support from the Control Panel,
rem System, Remote tab BUT that doesn't stop
rem the Terminal Services services. Unless
rem you're actually running Terminal Services,
rem Citrix, etc. you don't need or want this
rem service running so that other 3rd Party
rem programs can avail themselves of it to
rem take over your computer remotely.
rem
rem However, I think you'll find it gets
rem magically restarted all by itself,
rem which is the reason for scheduling
rem this batch or .cmd file to run
rem periodically and repeatedly.
rem
rem
rem ******************************************
rem ******************************************
rem ******************************************
sc stop TermService
sc config TermService start= disabled
rem ******************************************
rem ******************************************
rem ******************************************
rem
rem The following commands disable the Remote
rem Desktop Configuration service and stop it
rem from restarting.
rem
rem However, I think you'll find it gets
rem magically restarted all by itself,
rem which is the reason for scheduling
rem this batch or .cmd file to run
rem periodically and repeatedly.
rem
rem
rem ******************************************
rem ******************************************
rem ******************************************
sc stop SessionEnv
sc config SessionEnv start= disabled
rem ******************************************
rem ******************************************
rem ******************************************
rem
rem The following commands disable the Remote
rem Desktop Port Redirector and stop it
rem from restarting. This may be unnecessary,
rem but it seems better to err on the side
rem of caution.
rem
rem However, I think you'll find it gets
rem magically restarted all by itself,
rem which is the reason for scheduling
rem this batch or .cmd file to run
rem periodically and repeatedly.
rem
rem
rem ******************************************
rem ******************************************
rem ******************************************
sc stop UmRdpService
sc config UmRdpService start= disabled
rem ******************************************
rem ******************************************
rem ******************************************
rem
rem The following commands disable the Remote
rem Registry Service. If this service is
rem stopped, the registry can be modified
rem only by users of the local computer.
rem
rem Isn't that kind of what you want?
rem
rem However, I think you'll find it gets
rem magically restarted all by itself,
rem which is the reason for scheduling
rem this batch or .cmd file to run
rem periodically and repeatedly.
rem
rem
rem
rem ******************************************
rem ******************************************
rem ******************************************
sc stop RemoteRegistry
sc config RemoteRegistry start= disabled
rem ******************************************
rem ******************************************
rem ******************************************
rem
rem The following commands disable the WMI
rem Performance Adapter service (wmiApSrv).
rem Note that this is not the core Windows
rem Management Instrumentation service
rem (Winmgmt), on which many Windows
rem components depend.
rem
rem However, I think you'll find it gets
rem magically restarted all by itself,
rem which is the reason for scheduling
rem this batch or .cmd file to run
rem periodically and repeatedly.
rem
rem
rem
rem ******************************************
rem ******************************************
rem ******************************************
sc stop wmiApSrv
sc config wmiApSrv start= disabled
rem ******************************************
rem ******************************************
rem ******************************************
rem
rem net stop srv
rem
rem net stop srv would stop all of the shares
rem by itself. This is not recommended,
rem because if the command "net share" is
rem executed, the operating system will ask
rem if it can start the Server service,
rem which would re-enable all the default
rem shares, even if you had previously
rem disabled them.
rem
rem Enabling this command line (above) will
rem inhibit ALL of the shares, which will
rem mean that users will not be able to get
rem to ANY share, even the ones you want
rem them to access.
rem
rem Moreover, they won't be able to get to
rem these shares to get previous versions of
rem files saved by shadow copy. However, if
rem you do not let this above command execute,
rem and give your shares names unique to your
rem environment and enable shadow copy on the
rem volumes, the users will be able to
rem retrieve previous versions of files from
rem those shares.
rem
rem ******************************************
rem ******************************************
rem ******************************************
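The batch file above removes the shares and flips the services, but it cannot tell you when they came back. The PowerShell script below is an added example, not the post's script: it audits the same shares and services, enforces the state the batch file aims for, and logs every deviation with a timestamp, so that a recurring run turns "magically restarted" into a time and, for start-type changes, an account. The log path and the task name are placeholders chosen for this example; everything else is standard Windows cmdlets and the documented AutoShareWks / AutoShareServer registry values.

```powershell
# Added example, not the script from the post: audits the shares and services
# the batch file touches, enforces the desired state, and writes each deviation
# to a log with a timestamp. Run from an elevated prompt (PowerShell 5.1+).
# $LogPath and $taskName are placeholders chosen for this example.
#Requires -RunAsAdministrator

$LogPath = 'C:\ProgramData\ShareAudit\drift.log'
New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null

function Write-Drift([string]$Message) {
    $line = '{0:u} {1}' -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

# 1. "net share c$ /delete" lasts only until the Server service restarts and
#    recreates ADMIN$ and the drive-letter shares. The documented LanmanServer
#    values AutoShareWks (workstations) and AutoShareServer (servers) switch the
#    automatic administrative shares off permanently.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
foreach ($name in 'AutoShareWks', 'AutoShareServer') {
    $current = (Get-ItemProperty -Path $lanman -Name $name -ErrorAction SilentlyContinue).$name
    if ($current -ne 0) {
        Write-Drift "$name is '$current'; setting it to 0"
        Set-ItemProperty -Path $lanman -Name $name -Value 0 -Type DWord
    }
}

# 2. Remove any administrative disk share that exists right now (ADMIN$, C$, D$,
#    ...). IPC$ is deliberately left alone; it carries named-pipe traffic.
$adminShares = Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Name -match '^([A-Z]|ADMIN)\$$' }
foreach ($share in $adminShares) {
    Write-Drift "removing share $($share.Name) ($($share.Path))"
    net share $share.Name /delete | Out-Null
}

# 3. Services, with the desired state taken from the batch file. The 'running'
#    group is checked on start type only, because WerSvc and WecSvc are
#    trigger-started and stop themselves when idle; only Schedule is started.
$keepRunning = 'Schedule', 'WerSvc', 'WecSvc'
$keepStopped = 'WinRM', 'TermService', 'SessionEnv', 'UmRdpService', 'RemoteRegistry', 'wmiApSrv'

foreach ($name in $keepRunning) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Drift "$name is not installed"; continue }
    if ($svc.StartType -ne 'Automatic') {
        Write-Drift "$name start type is $($svc.StartType); setting Automatic"
        Set-Service -Name $name -StartupType Automatic
    }
    if ($name -eq 'Schedule' -and $svc.Status -ne 'Running') {
        Write-Drift "$name is $($svc.Status); starting it"
        Start-Service -Name $name
    }
}
foreach ($name in $keepStopped) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { continue }
    if ($svc.Status -ne 'Stopped' -or $svc.StartType -ne 'Disabled') {
        Write-Drift "$name is $($svc.Status)/$($svc.StartType); stopping and disabling"
        Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
        Set-Service -Name $name -StartupType Disabled
    }
}

# 4. Who restarted them? The Service Control Manager logs event 7036 (state
#    change) and 7040 (start-type change, with the caller's SID in UserId) to
#    the System log. The messages use display names, so match on those.
$pattern = (Get-Service -Name ($keepRunning + $keepStopped) -ErrorAction SilentlyContinue |
    ForEach-Object { [regex]::Escape($_.DisplayName) }) -join '|'
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7036, 7040 } `
    -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Select-Object TimeCreated, Id, UserId, Message |
    Format-Table -AutoSize -Wrap

# 5. Register this script as a recurring task with "Run with highest privileges"
#    (RunLevel Highest), the setting the batch file's header says is mandatory.
$taskName = 'ShareAudit'
if (-not (Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue)) {
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`""
    $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 15)
    Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
        -RunLevel Highest -User 'SYSTEM' | Out-Null
    Write-Drift "registered scheduled task $taskName"
}
```

Two things to keep in mind before putting this on a machine: turning off the automatic administrative shares also breaks remote administration tools that rely on ADMIN$ and C$ (including some backup and software-distribution products), and a drift log that stays empty across many runs is itself useful, since it means the services are not being restarted by anything other than Windows itself.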
Hackers From China? Really?
Does Anyone From China Know You?
One thing I have learned is that if you trace a route back to these attackers' IPs (allegedly from China, Poland and so forth) in real time, in some cases they trace back to California: Hemet, Riverside, Irvine and the San Fernando Valley, not China or Poland. Moreover, if you block the IPs from China, the Slavic nations, etc., the hackers' activity will be restricted to domestic (ARIN, arin.net) assigned IPs (yeah, duh...), and there will be just as many attacks, if not more. I conclude from this that many, if not most, of the hackers we experience are within the continental United States, if not within our own geographic neighborhoods. In other words, it's equally likely to be someone near you: possibly someone you know or who knows of you.
Please find (below) some real-world examples. Most of the intrusion attempts came in within less than an hour, and this is not even a complete list....
71.212.68.6 97.94.213.118 77.232.158.85 69.223.179.109 90.192.158.13
27.50.137.55 86.146.192.63 87.212.16.80 124.185.144.38 68.146.159.233
190.226.53.139 80.200.42.43 41.34.188.131 78.31.154.104 122.162.11.249
92.237.239.169 58.107.165.22 178.25.77.174 46.201.221.179 97.94.213.118
109.252.62.162 75.84.239.208 87.228.114.213 90.192.158.13 86.146.192.63
58.218.199.147 75.84.238.106 74.73.57.212 119.134.251.175 67.176.242.207
124.182.94.168 69.156.92.71 69.223.179.109 85.75.27.170 68.146.159.233
24.18.135.62 82.239.8.180 82.239.8.180 202.103.52.147 80.200.42.43
67.176.242.207 180.216.20.36 111.94.14.145 82.239.8.180 58.107.165.227
90.192.158.13 85.75.27.170 98.183.40.193 180.216.20.36 124.182.94.168
68.146.159.233 91.203.141.156 83.5.83.220 69.156.92.71 24.18.135.62
65.32.126.88 174.89.69.23 218.53.151.177 221.212.234.100 124.182.94.168
24.215.54.213 97.94.213.105 74.60.169.244 65.32.126.88 24.77.241.114
122.162.11.249 97.94.213.118 69.223.179.168 24.215.54.213 66.75.135.104
72.129.5.0 74.43.216.125 92.67.70.20 182.55.0.138 75.132.28.127
75.84.232.1 114.143.24.3 210.245.94.46 211.106.178.186 75.84.238.106
75.65.193.182 91.205.189.15 75.132.28.127 81.17.24.66
What these IP's possibly represent is a randomized list (which one can purchase on-line) of ARIN assigned IP's which are not used by any Web site or from a block list.
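Several addresses in the list above appear two or three times (82.239.8.180, 68.146.159.233, 124.182.94.168), which is worth separating from the one-off probes a bought list would produce. The script below is an added example, not part of the post: it tallies the addresses exactly as listed, reports the repeat offenders, switches on logging of dropped inbound packets so future attempts are recorded with their source address, and puts the whole set into one inbound block rule in Windows Defender Firewall. The rule name is a placeholder; the addresses are the post's own list.

```powershell
# Added example, not from the post: tally the listed addresses, show which ones
# came back more than once, log dropped inbound packets, and maintain a single
# inbound block rule for the set. Run elevated (PowerShell 5.1+).
#Requires -RunAsAdministrator

# The list as printed in the post.
$raw = @'
71.212.68.6 97.94.213.118 77.232.158.85 69.223.179.109 90.192.158.13
27.50.137.55 86.146.192.63 87.212.16.80 124.185.144.38 68.146.159.233
190.226.53.139 80.200.42.43 41.34.188.131 78.31.154.104 122.162.11.249
92.237.239.169 58.107.165.22 178.25.77.174 46.201.221.179 97.94.213.118
109.252.62.162 75.84.239.208 87.228.114.213 90.192.158.13 86.146.192.63
58.218.199.147 75.84.238.106 74.73.57.212 119.134.251.175 67.176.242.207
124.182.94.168 69.156.92.71 69.223.179.109 85.75.27.170 68.146.159.233
24.18.135.62 82.239.8.180 82.239.8.180 202.103.52.147 80.200.42.43
67.176.242.207 180.216.20.36 111.94.14.145 82.239.8.180 58.107.165.227
90.192.158.13 85.75.27.170 98.183.40.193 180.216.20.36 124.182.94.168
68.146.159.233 91.203.141.156 83.5.83.220 69.156.92.71 24.18.135.62
65.32.126.88 174.89.69.23 218.53.151.177 221.212.234.100 124.182.94.168
24.215.54.213 97.94.213.105 74.60.169.244 65.32.126.88 24.77.241.114
122.162.11.249 97.94.213.118 69.223.179.168 24.215.54.213 66.75.135.104
72.129.5.0 74.43.216.125 92.67.70.20 182.55.0.138 75.132.28.127
75.84.232.1 114.143.24.3 210.245.94.46 211.106.178.186 75.84.238.106
75.65.193.182 91.205.189.15 75.132.28.127 81.17.24.66
'@

# Validate every token as an IPv4 address; anything else is reported, not
# blocked, so a typo in the list cannot silently become a firewall rule.
$counts   = @{}
$rejected = @()
foreach ($token in ($raw -split '\s+' | Where-Object { $_ })) {
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($token, [ref]$ip) -and $ip.AddressFamily -eq 'InterNetwork') {
        $key = $ip.ToString()
        $counts[$key] = 1 + [int]$counts[$key]
    } else {
        $rejected += $token
    }
}
if ($rejected) { Write-Warning ('not valid IPv4, skipped: ' + ($rejected -join ' ')) }

# Repeat offenders deserve more attention than one-off probes from a bought list.
$repeats = $counts.GetEnumerator() | Where-Object { $_.Value -gt 1 } | Sort-Object Value -Descending
'{0} unique addresses, {1} seen more than once' -f $counts.Count, @($repeats).Count
$repeats | ForEach-Object { '{0,-16} x{1}' -f $_.Key, $_.Value }

# Log dropped inbound packets for every profile. The log (by default
# %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log) records the source
# address and port of each blocked attempt, which is how a list like the one
# above can be kept current.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True

# One inbound block rule carrying the whole set; re-running updates it in place.
$ruleName  = 'Blocklist from intrusion log (inbound)'
$addresses = @($counts.Keys | Sort-Object)
if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -DisplayName $ruleName -RemoteAddress $addresses
} else {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block `
        -RemoteAddress $addresses -Profile Any | Out-Null
}
"rule '$ruleName' now covers $($addresses.Count) addresses"
```

The block rule only matters for ports some other rule already allows in (file sharing, Remote Desktop, a game server); Windows Firewall drops unsolicited inbound traffic by default, so the more durable gain here is the logging, which records attempts regardless of whether the source is on the list.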
Hacking: Acquired Skill Or Google Search?
I was inclined to say that these people have superior skills, in order to effect such intrusions, but after conversing with a computer instructor (one who seemed taxed to answer any of my questions on Windows), he confessed that he started hacking as a result of seeing a post on-line which said "If you [perform these steps] you will knock this other user off-line" (a denial-of-service attack, DoS). He said that he performed those steps and then, checking back, the other user was no longer on-line. While some knowledgeable person had to post the how-to's of these attacks on-line, some of these hackers "Google" these attacks and then effect them. So the scope of some of these hackers' knowledge and experience is limited to the attack they've read about as a result of some Google search.
That is in keeping with my observations that some of the people who have passed these Microsoft exams can't create a VPN, can't create a domain and so forth. Nonetheless, these certifications are the crux of employment in the field of information technology, so I have to solve the problem of staying on-line safely so that I can learn how to answer these cryptic Microsoft and CompTIA certification questions. The knowledge and skills I gain from defending against such attacks will hopefully be a resource to me in the coming years of my career.
Hackers Are Computer People....

It occurs to me that, whether these hackers acquire the information on how to effect these attacks from a Google search, or whether they come from intensive study, these are computer people. It's unlikely they've expended the effort to learn about computers and how to employ these hacking attacks, and haven't applied that information toward a career in information technology. What that means is that some, perhaps many, of the people employed by various organizations, are hackers. These are the people industry is bringing behind their firewalls and giving administrative privileges to on their networks. How good of an idea does that really seem, in light of the observation that these people may not always be employed by the same employer, for various reasons? So when you see computer support people passing around copies of AirCrack, BackTrack, or pirated torrents, you should make the mental note: "These guys might be the hackers". They might also be preparing to be so-called ethical hackers seeking information on penetration testing. (You'll be the best judge of their character to make that assessment.) That's fine, as long as they don't practice on my systems and networks....