Master_Ghost_Knight
New Member
CosmicJoghurt said:@MGK
"Know how a computer works"? What do you mean?
Take a simple example, when you got in to the LOR site you most probably haven't logged in, that task was already done. Yet if you go to another computer you are not logged in there, this ofcourse because this website doesn't know who is using the computer. Surpisingly enough neither does it know which computer is being logged in, sure you can try to track it via IP, but if you are in a sub-network (which is most popular now a days) there can be several computers connect all of them with the same external IP.
The method by which the website knows who you are and that it should automatically log you in is by creating a coockie file with a specific encripted key and storing it on your computer and associated with your user account (the key can have many forms of validity but I will spare that for the moment), the hope of this is that only you use that user account and therefore you are the only one with acess to that key. Thus if you have that key the website will simply assume that it is you without asking for your account details.
Now there are 2 ways by which I can acess to your account, the first is by brute force trying to generae all possible keys and trying them until I manage to hit on the right one (takes to long), the other is by having a worm on your computer that sends me your coockies or some other method by which I can get acess to your coockies. One I have your coockies I can just use them and walk right in to your account (many low security pages are hackable by this process).
To avoid being hacked by this process is to start making an habbit of allways logging out and deleting the coockies, so that they can not get your keys and even if they get your keys while you are browsing the act of logging out deals away with all the locks so that no keys will work.
Another popular tool is traffic jaming. The internet is made to be a versatile comunication system, and the way to best meet the demands of a efficiecy is tosmartly re-route incoming communication to the right destinations and let the destination figure out what to do with it. The destination computer must issue a processor slot to deal with your connection and decide what to do with it (i.e. it must stop doing something else to deal with it), the problem is that it can not distinguish if the message comes from a legitimate user or from a user who just wants to fuck with you. Now if there are millions of users trying to fuck with you and you have to atend to each and every single one of them (even if only until it realises if it is a legitimate user or not) you will eventually run out of processing power to deal with all the connection and (legitimate or not) they all just start to get ignored.
A more old school example is the pay phones, altough they don't work like this anymore it was a popular hackable asset. The phone system is a comunication line best suited to transmit signals in the human audio range, and the way by which you would tell the central to which other phone it should re-route is by pressing a key that would produce a sound on a specific frequencie (this on the same line as you speak). A machine on the other end of the line would "hear" which frequencie was being ranged and translate it into numbers that where being pressed in order to make the proper re-route. The phone would only allow the keys to produce tones (and produce a tone that says that it has quarters in it) when you put quarters in it, but there was nothing that stopedyou from pre-recording the tones and play them on the microphone. The machine on the other end can't tell the difference between the sound being played by the phone or on the mic because they use the same line, so it just assumes that you payed the quarters and establishes the connection for free.
There are a million examples of this.