Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Anti hacking techniques (Iris)

Posted on 2001-06-10
19
Medium Priority
?
406 Views
Last Modified: 2012-08-14
My 18 old neighbor  was able to hack all my incoming
and outgoing email contents (passwords ,credit cards ....)
Using Iris 1.01 .

  I have norton firewall 2001 installed ,it couldn't help
in this....

 I have installed iris myself in order to test .I was
able to hack  my emails .Iris has a guard mode that
is supposed to prevent other from hacking but the guard
feature is useless.

How can I prevent the contents of my emails and my browser from being hacked?
0
Comment
Question by:fadih
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
  • +6
19 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 6173864
You might want to post a pointer to this question in the security TA as well:

http://www.experts-exchange.com/jsp/qList.jsp?ta=security

Cd&
0
 
LVL 9

Expert Comment

by:TTom
ID: 6173878
I am going to guess that you are on a cable system.  It seems to me that they function pretty much like the old time "party" telephone lines.  Everyone that's hooked up can "listen in" on each other.  If that's the case, I don't think there is a lot you can do about it, but you should certainly speak with your provider.

Tom
0
 
LVL 1

Expert Comment

by:mshivdas
ID: 6175477
Anything that you send or receive over the internet that is not encrypted can potentially be viewed by third parties.

For email, consider using PGP to encrypt your messages.  This will require that your recipients use PGP as well.

For browsing, don't send credit card numbers unless you are sure you are connected to a secure site.

For browsing, if you are logging into a site with a username/password combination, see if the site has a secure login option that uses SSL.  If the site doesn't offer a secure login option, just keep in mind that your login and password can be intercepted.

A firewall protects your machine from invasion -- it does not protect the data once it leaves your machine.

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 1

Expert Comment

by:Haho
ID: 6175787
yes, use encryption where necessary.. get a secure digital ID for emails from Verisign where you contents are signed and encrypted...

http://www.verisign.com/products/class1/index.html

0
 
LVL 24

Expert Comment

by:SunBow
ID: 6177584
Right, treat eMail like a telephone call made from a public phone booth with a crowd of people nearby. Don't say or write something you really don't want others to hear or read.  Encryption is nice, but in eMail, requires everyone to have the exact same system, often too proprietary for general use. But why you all using this ancient code? That version of Iris is Beta! AND, like other betaware, often leads directly to downtime.

Why you put passwords in eMail? eMail may be used to pass public keys, not private ones.

http://eeye.com/html/Products/index.html
http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0120.html
http://www.sumthin.nu/archives/ntbt/Aug_2000/msg00064.html
0
 

Author Comment

by:fadih
ID: 6178279
Most people I send email to don't even know what
pgp is .

 Is there a way to encrypt the data untill it reaches
the intended person only ,without using from his side
any encryption

"get a secure digital ID " how and how much can it help Haho?
0
 
LVL 1

Expert Comment

by:wisdom042597
ID: 6180011
Secure Digital ID - don't make me laugh.  That's a sales gimmick.  I don't think you need to pay a fee to a big corporation in order to get permission to run encryption.  Verisign is evil.  They bought Network Solutions and control the .COM and other databases. They only care about money, not security.
0
 
LVL 1

Expert Comment

by:Haho
ID: 6184552
then get one secure digital ID FREE at:
http://www.thawte.com/getinfo/products/personal/contents.html

from microsoft outlook's HELP:

How do digital IDs work?
A digital ID is composed of a "public key," a "private key," and a "digital signature." When you digitally sign your messages, you are adding your digital signature and public key to the message. The combination of a digital signature and public key is called a "certificate." With Outlook Express, you can specify a certificate to be used by others to send encrypted messages to you. This certificate can be different from your signing certificate.

Recipients can use your digital signature to verify your identity; they can use your public key to send you encrypted mail that only you can read by using your private key. To send encrypted messages, your address book must contain digital IDs for the recipients. That way, you can use their public keys to encrypt the messages. When a recipient gets an encrypted message, their private key is used to decrypt the message for reading.

Before you can start sending digitally signed messages, you must obtain a digital ID. If you are sending encrypted messages, your address book must contain a digital ID for each recipient.
0
 
LVL 1

Expert Comment

by:Haho
ID: 6184553
it is quite easy to set up too.. :)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6197280
wisdom,  
:) Have you noticed that those forking out $50K to put up a .kids to distinguish from .porn ended up losing battle completely???
0
 
LVL 24

Accepted Solution

by:
SunBow earned 900 total points
ID: 6197287
fadih
If you said what eMail service you use, I missed it.
Can you consider switching? There are many free eMail services on web, Web-Mail, such as for HotMail and NetScape. etc. Rather than download to PC, you and friends can send from one remote website to another.  It thus looks like other html, but is not on your local drive.

When you logon to the remotes, you can each be running SSL, for security, for in modern era thanx to NetScape invention, this kicks in automatically for whoever is using it on their browser.

Norton firewall is not among best. Try ZoneAlarm freebie here: www.ZoneLabs.com - it is I think the only one that has a blocker for what leaves your PC. Others like BlackIce defend from packets coming in. ZoneAlarm looks the other way. McAfee & Symantec have holes in them.
0
 

Author Comment

by:fadih
ID: 6198148
Thank s every one

Haho: I will try digital siginute and get back to you
sunbow: I am using outlook I have tons of outgoing and incoming email .We based is not an option (i think)
I will try  www.ZoneLabs.com and get back to you
0
 
LVL 12

Expert Comment

by:Otta
ID: 6236685
Don't see: http://www.ussrback.com/labs52.html

Do _NOT_ read this advisory, because it tells you how
to exploit a bug in IRIS to "crash" your neighbour's computer.

Do _NOT_ do this.
0
 
LVL 12

Expert Comment

by:Otta
ID: 6236703
> How can I prevent the contents of my emails
> and my browser from being hacked?
> I will try www.ZoneLabs.com 

Using ZoneAlarm will not solve this problem.

Your neighbour is "sniffing" the IP-packets *AFTER* they
have left your computer.

So, he can see any "clear-text" traffic (E-mail
and http:// requests),
but he cannot see any "encrypted" (https:// )
sessions through a web-browser running in "secure" mode.

Switch ISPs, i.e., from cable-modem to ADSL,
to get onto a different network than your neighbour.

Or, get your cable-modem provider to switch to Terayon cable-modems,
which do their own encryption/decryption -- which will
defeat your neighbour's packet-sniffing.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6310299
;-)   well I did say that as a Beta it can lead to downtime <heh>

ZoneAlarm is no encrypter. It more useful as packet blocker or at least detector. Since neighborhood has been compromised with non-standard wares, and at least some information about that has been shared; it may have use in identifying or cutting back activities of other programs that are potentially running that have not been identified.

Odds pretty good though, that even an eighteen year old will get bored with trying to read EM of others and find something else to occupy self with.

It is never considered wise to include passwords and credit card numbers in eMail.  Same for web. Same for other personal info like medical history, bank records.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6866523
:)hope you are happy now
0
 
LVL 1

Expert Comment

by:wisdom042597
ID: 6866543
Also IMO Norton's firewall is a joke.  In fact, I can't tell you how many clients have had their e-mail compromised by Norton Antivirus - it seems in some circumstances the software installs itself between your email client and the POP3 server and passes info between systems and Norton's (based on what I've seen).  So what happens is when Symantec's network has burps, you can't check your own mail. I assume they sniff mail passwords and check your mail for you after checking it for viruses - I consider this to be rather unethical behavior, and as a result, I can't recommend any of Norton's "security" products to clients... they're almost as bad as Microsoft now.  
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6866617
not fair
 :- (
in this PAQ...
please flame firewalls here:
http://www.experts-exchange.com/jsp/qShow.jsp?ta=security&qid=20266901

I was about to give it up and close (multiple awards permitted)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6866623
(replications from other threads permitted)
0

Featured Post

Plesk WordPress Toolkit

Plesk's WordPress Toolkit allows server administrators, resellers and customers to manage their WordPress instances, enabling a variety of development workflows for WordPress admins of all skill levels, from beginners to pros.

See why 2/3 of Plesk servers use it.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Because your company can’t afford for you to make SEO mistakes, you’ll want to ensure you’re taking the right steps each and every time you post a new piece of content. This list of optimization do’s and don’ts can help you become an SEO wizard.
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question