Solved

Anti hacking techniques (Iris)

Posted on 2001-06-10
19
366 Views
Last Modified: 2012-08-14
My 18 old neighbor  was able to hack all my incoming
and outgoing email contents (passwords ,credit cards ....)
Using Iris 1.01 .

  I have norton firewall 2001 installed ,it couldn't help
in this....

 I have installed iris myself in order to test .I was
able to hack  my emails .Iris has a guard mode that
is supposed to prevent other from hacking but the guard
feature is useless.

How can I prevent the contents of my emails and my browser from being hacked?
0
Comment
Question by:fadih
  • 6
  • 3
  • 2
  • +6
19 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 6173864
You might want to post a pointer to this question in the security TA as well:

http://www.experts-exchange.com/jsp/qList.jsp?ta=security

Cd&
0
 
LVL 9

Expert Comment

by:TTom
ID: 6173878
I am going to guess that you are on a cable system.  It seems to me that they function pretty much like the old time "party" telephone lines.  Everyone that's hooked up can "listen in" on each other.  If that's the case, I don't think there is a lot you can do about it, but you should certainly speak with your provider.

Tom
0
 
LVL 1

Expert Comment

by:mshivdas
ID: 6175477
Anything that you send or receive over the internet that is not encrypted can potentially be viewed by third parties.

For email, consider using PGP to encrypt your messages.  This will require that your recipients use PGP as well.

For browsing, don't send credit card numbers unless you are sure you are connected to a secure site.

For browsing, if you are logging into a site with a username/password combination, see if the site has a secure login option that uses SSL.  If the site doesn't offer a secure login option, just keep in mind that your login and password can be intercepted.

A firewall protects your machine from invasion -- it does not protect the data once it leaves your machine.

0
 
LVL 1

Expert Comment

by:Haho
ID: 6175787
yes, use encryption where necessary.. get a secure digital ID for emails from Verisign where you contents are signed and encrypted...

http://www.verisign.com/products/class1/index.html

0
 
LVL 24

Expert Comment

by:SunBow
ID: 6177584
Right, treat eMail like a telephone call made from a public phone booth with a crowd of people nearby. Don't say or write something you really don't want others to hear or read.  Encryption is nice, but in eMail, requires everyone to have the exact same system, often too proprietary for general use. But why you all using this ancient code? That version of Iris is Beta! AND, like other betaware, often leads directly to downtime.

Why you put passwords in eMail? eMail may be used to pass public keys, not private ones.

http://eeye.com/html/Products/index.html
http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0120.html
http://www.sumthin.nu/archives/ntbt/Aug_2000/msg00064.html
0
 

Author Comment

by:fadih
ID: 6178279
Most people I send email to don't even know what
pgp is .

 Is there a way to encrypt the data untill it reaches
the intended person only ,without using from his side
any encryption

"get a secure digital ID " how and how much can it help Haho?
0
 
LVL 1

Expert Comment

by:wisdom042597
ID: 6180011
Secure Digital ID - don't make me laugh.  That's a sales gimmick.  I don't think you need to pay a fee to a big corporation in order to get permission to run encryption.  Verisign is evil.  They bought Network Solutions and control the .COM and other databases. They only care about money, not security.
0
 
LVL 1

Expert Comment

by:Haho
ID: 6184552
then get one secure digital ID FREE at:
http://www.thawte.com/getinfo/products/personal/contents.html

from microsoft outlook's HELP:

How do digital IDs work?
A digital ID is composed of a "public key," a "private key," and a "digital signature." When you digitally sign your messages, you are adding your digital signature and public key to the message. The combination of a digital signature and public key is called a "certificate." With Outlook Express, you can specify a certificate to be used by others to send encrypted messages to you. This certificate can be different from your signing certificate.

Recipients can use your digital signature to verify your identity; they can use your public key to send you encrypted mail that only you can read by using your private key. To send encrypted messages, your address book must contain digital IDs for the recipients. That way, you can use their public keys to encrypt the messages. When a recipient gets an encrypted message, their private key is used to decrypt the message for reading.

Before you can start sending digitally signed messages, you must obtain a digital ID. If you are sending encrypted messages, your address book must contain a digital ID for each recipient.
0
 
LVL 1

Expert Comment

by:Haho
ID: 6184553
it is quite easy to set up too.. :)
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 24

Expert Comment

by:SunBow
ID: 6197280
wisdom,  
:) Have you noticed that those forking out $50K to put up a .kids to distinguish from .porn ended up losing battle completely???
0
 
LVL 24

Accepted Solution

by:
SunBow earned 300 total points
ID: 6197287
fadih
If you said what eMail service you use, I missed it.
Can you consider switching? There are many free eMail services on web, Web-Mail, such as for HotMail and NetScape. etc. Rather than download to PC, you and friends can send from one remote website to another.  It thus looks like other html, but is not on your local drive.

When you logon to the remotes, you can each be running SSL, for security, for in modern era thanx to NetScape invention, this kicks in automatically for whoever is using it on their browser.

Norton firewall is not among best. Try ZoneAlarm freebie here: www.ZoneLabs.com - it is I think the only one that has a blocker for what leaves your PC. Others like BlackIce defend from packets coming in. ZoneAlarm looks the other way. McAfee & Symantec have holes in them.
0
 

Author Comment

by:fadih
ID: 6198148
Thank s every one

Haho: I will try digital siginute and get back to you
sunbow: I am using outlook I have tons of outgoing and incoming email .We based is not an option (i think)
I will try  www.ZoneLabs.com and get back to you
0
 
LVL 12

Expert Comment

by:Otta
ID: 6236685
Don't see: http://www.ussrback.com/labs52.html

Do _NOT_ read this advisory, because it tells you how
to exploit a bug in IRIS to "crash" your neighbour's computer.

Do _NOT_ do this.
0
 
LVL 12

Expert Comment

by:Otta
ID: 6236703
> How can I prevent the contents of my emails
> and my browser from being hacked?
> I will try www.ZoneLabs.com

Using ZoneAlarm will not solve this problem.

Your neighbour is "sniffing" the IP-packets *AFTER* they
have left your computer.

So, he can see any "clear-text" traffic (E-mail
and http:// requests),
but he cannot see any "encrypted" (https:// )
sessions through a web-browser running in "secure" mode.

Switch ISPs, i.e., from cable-modem to ADSL,
to get onto a different network than your neighbour.

Or, get your cable-modem provider to switch to Terayon cable-modems,
which do their own encryption/decryption -- which will
defeat your neighbour's packet-sniffing.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6310299
;-)   well I did say that as a Beta it can lead to downtime <heh>

ZoneAlarm is no encrypter. It more useful as packet blocker or at least detector. Since neighborhood has been compromised with non-standard wares, and at least some information about that has been shared; it may have use in identifying or cutting back activities of other programs that are potentially running that have not been identified.

Odds pretty good though, that even an eighteen year old will get bored with trying to read EM of others and find something else to occupy self with.

It is never considered wise to include passwords and credit card numbers in eMail.  Same for web. Same for other personal info like medical history, bank records.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6866523
:)hope you are happy now
0
 
LVL 1

Expert Comment

by:wisdom042597
ID: 6866543
Also IMO Norton's firewall is a joke.  In fact, I can't tell you how many clients have had their e-mail compromised by Norton Antivirus - it seems in some circumstances the software installs itself between your email client and the POP3 server and passes info between systems and Norton's (based on what I've seen).  So what happens is when Symantec's network has burps, you can't check your own mail. I assume they sniff mail passwords and check your mail for you after checking it for viruses - I consider this to be rather unethical behavior, and as a result, I can't recommend any of Norton's "security" products to clients... they're almost as bad as Microsoft now.  
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6866617
not fair
 :- (
in this PAQ...
please flame firewalls here:
http://www.experts-exchange.com/jsp/qShow.jsp?ta=security&qid=20266901

I was about to give it up and close (multiple awards permitted)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6866623
(replications from other threads permitted)
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Read about why website design really matters in today's demanding market.
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now