Script fools n00b hackers into hacking themselves Security experts have warned Facebook users in India not to fall for a new scam which tricks victims into “self cross-site scripting” by promising access to a tool which will let them hack their friends’ accounts. Symantec security response manager Satnam Narang revealed in a blog entry that a post began circulating last week …
With all the "bad" hacking going on, the people behind this deserve an award. The unprincipled script kiddies get a cyber-wedgy of their own doing, Farcebook gets more noise, a nice trade in "likes" can be started, which keeps marketing dweebs everywhere happy. And for those of us who don't run scripts we don't understand, and don't give a tinker's cuss about FB, well, it's simple amusement.
FYI
A "tinkers dam" is not cussing. Tinkers used to repair things, like say a pot. They would make a dam out of clay and sand & then pour molten metal in to the pot to close the hole. When they were done they would sweep this tinkers dam away because it was worthless.
If the "career" path of a hacker follows the conventional route: from starting as a script kiddie to either getting a girlfriend or becoming a hard-ass hacker, then anything that can nip the process in the bud sounds like be a good thing.
Maybe the world should start hacking back? With tools like this and then later on with malware that purports to prevent self-hacks. We know, from the life-cycle of hacking itself, how to escalate these things.
Maybe attack really is the best form of defence.
The keyword here is script kiddie, or put differently: someone who has almost no idea how this whole computer / network thingie actually works. "Get IP number, enter IP number in script, $profit!".
(from an real IRC convo in the past 20 years, but I had to reconstruct from mind of course):
<kiddie> Oh yeah, bet ur afraid to give me ur ip. LOLZ
<guru> None at all, my IP address isn't a secret. 127.224.94.13, so what, huh?
*** Quits: kiddie #linux [~kiddie@my.hidden.address] (Ping timeout)
It's not as if its hard to fool these kind of "networking experts" you know ;)
Yeah, it's not really class A as it's reserved, but it kind of logically is A, so it's subnet mask would be 255.0.0.0, so classless CIDR gives 127.0.0.0/8
Also, 2007 Wayback Machine :)
Its still smarter than the weekly phonecalls people I know get from indian sounding gentlemen.
In fact, my Nan - a lady who has never owned any form of computer (bar an ancient nokia which is new-tech to her) got a phonecall only 3 days ago from someone from her ISP (despite not having a connection). He informed her that her broadband was at fault and needed fixing (for a fee).
She passed the phone to me and by memory, I talked the guy through everything he needed to know (checked event viewer for errors). The fix was to enable port forwarding, RDP and pay £200. It was fun playing dumb and wasting some time.
"Greetings, You have just received the "IRISH VIRUS". As we don't have any programming experience, this Virus works on the honour system. Please delete all the files on your hard drive manually and forward this Virus to everyone on your mailing list. Thank you for your cooperation."
Ah. No. This one actually works.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
