How to avoid aiding the development of malicious code

    General Discussion

  • I'm starting a new thread so as not to overwhelm Reed Kimble's thread with musings and ponderings.

    Contributors: How to avoid aiding the development of malicious code

    I see an uncomfortable number of questions asking for info that could easily be put to malicious use.
    You can probe the OP to discover their intent, and you get replies that come in one of two flavors.
    Neither of which really tells you anything about the true intent of the individual.

    1.   My intent is benign.  I mean no harm. .....
    2.   ANGER.  Why can't you people me? .....

    I have come to realize that trying to discover their intent is a waste of time.
    Not because of the reactions, but their intent is really irrelevant to the matter at hand.  Security.

    Posting code of any nature in a public forum that can be abused for malicious purposes is outright reckless. 
    I wish I could provide the help they request, but I don't know most of those programming tricks anyway.
    I would discourage anyone from publicly posting code that could be perverted no matter what the person asking for it claims.
    Their claims take a back seat to common sense.  Anyone can read the post, people.
    Don't post anything that could become part of someone's malicious software in public.


    Current thread .

    What do you think of that one?  I'm ready to give 'em the boot.

    Rudy  =8^D

    Mark the best replies as answers. "Fooling computers since 1971."
    • Changed type Rudedog2MVP Tuesday, 23 October 2012 14:16 : Post is a discussion :
    Thursday, 03 December 2009 18:16

All Replies

  • I would discourage anyone from publicly posting code that could be perverted no matter what the person asking for it claims.


    While I agree with most of this - I do want to throw out a quick thought regarding the two evils here.  If we keep silent and ignore questions like this, aren't we doing more harm than good?  I'm looking for opinions on this one, but isn't it better for us to create and share "proof of concepts" openly? 


    I guess my point is - a determined, proficient coder with malicious intent that poses any real risk is probably not seeking or asking for help on msdn.  If there's means to extend .Net for this, they'll do it and we all have to approach it blindly from the zero hour.  Whereas the alternative is to keep it out in the open. 

    The downside is obvious, sure...  We'd be indirectly catering to some small-fry, script kiddies - but given 80% of them pose the same batch of questions easily solved using windows hooks...  I'm not overly concerned about them becoming dangerous and taking out companies.  On the upside, keeping this "malicious functionality" out in the open brings contributor awareness.  And with that comes cross-referenced input on ways to solve/prevent the problem or means to vaccinate your code.
    Thursday, 03 December 2009 19:09
  • The whole point of .NET is open development, and these forums are one vehicle to achieve that end.
    From Reed Kimble's thread......

    In the C# forum we recently had an individual who was wanting to write code so that his "little sister couldn't use his computer" when he was not around.  He wanted to be notified when she logged on, observe what she did, log all keystrokes, log all web visited pages, and prevent his program from showing up in the Task Manager.  Also, wanted it to be prevented from being stopped remotely.  Said that his kid sister was 6 years old. 
    Riiiiiight. 

    Another recent candidate wanted to be able to monitor his anti-virus scanning software.  Claimed that he wanted to capture and analyze the viruses that it found before the software disposed of it.  Said that he needed to be able to stop the anti-virus scan from detecting his code as a virus. 
    Riiiiiight. 

    That is the type of stuff that I had in mind. 

    Here's my rule of thumb.
    I try not to post anything that is not documented in the MSDN library.


    Mark the best replies as answers. "Fooling computers since 1971."
    Thursday, 03 December 2009 19:15

  • Here's my rule of thumb.
    I try not to post anything that is not documented in the MSDN library.


    Mark the best replies as answers. "Fooling computers since 1971."


    ...which is pretty much everything.

    I think that your well-intended thoughts are going to be like trying to herd cats Rudy. If someone asks about file operations, well that's certainly legit but could it not also be used for nefarious purposes? Of course, and the list goes on and on.

    Just my two cents worth :-o
    Thursday, 03 December 2009 19:27
  • I disagree.  Not everything in the Framework is documented in the MSDN library.
    I know of a few types and methods that appear complete, but are not. 

    With others, the docs are sketchy at best.
    I've explored a couple of these items and discovered that some can do some pretty powerful stuff.
    I have written code that can drill into a SQL 2005 server instance despite any password protections. 

    And I don't have a problem with file operations.  That's already documented in the library, anyway.
    I do have reservations when folks don't ask for simple stuff, but more complex stuff.

    That link I gave above is for someone looking for an event to let him know when someone is logging into the computer.
    An event that tells you when the windows system login box has just been shown. 
    That is the sort of stuff that makes me pause, not how to read all of the files in a folder.

    Rudy  =8^D

    Mark the best replies as answers. "Fooling computers since 1971."
    Thursday, 03 December 2009 20:09

  • I am bringing this that I posted in the previous thread, because this is what I think we are dealing with:

    -------
    The thing is that those that are already doing malicious code do not post here to ask how to do it. They can probably show us how to do it.

    What we have are kids with small knowledge of the language that find it funny to play hacker.

    So unless we provide a copy/paste code that does what they want to do, they cannot do much bad.

    The proof of this is with a search: you can find in this forum much code for keyboard hooks, and we keep having posts asking for key loggers.

    This is true for most of these demands for suspicious code; if one knows a bit what he is doing, he will find all the info he needs in this forum.

    What I think: let's just not put it together for them in a single post
    Thursday, 03 December 2009 20:23
  • So if someone asks how to hide their application from Task Manager...would you help? 
    I have seen some questions that really go across the borderline from innocent to malicious.

    I used to be a hacker when being a hacker was a good thing, it meant you worked hard. 

    Hackers come in different types and have different motivations.  Sure, it could be kids asking the questions.  But, I also think that you cannot rule out the possibility many of these nuisance viruses are probably written by kids looking for thrill.  The kind nuisances that cause damage, like wipe your drive for you.  Don't assume these people are kids just because they have only had a few posts, either.  Some use multiple names to hide the big picture.

    Other types of hackers are out to steal your identity, or just simply borrow some of your PC's computing power.  We get questions about that sort of stuff, too.  Some folks want to log in to a server but lack a user name or password.  Most of the time you tell them not possible, but there are some who just get angry.  These angry types are the ones that give me pause.



    Mark the best replies as answers. "Fooling computers since 1971."
    Thursday, 03 December 2009 20:52
  • So if someone asks how to hide their application from Task Manager...would you help? 


    I remember that thread pretty well because I'm one of the ones who answered.

    In fact when I asked "...tell us just why it is that you want to hide your program from the task manager?", the OP never replied and the thread soon became dead.

    I fully endorse what you're trying to achieve; I just don't know how anyone can really know whether or not it's for a legitimate purpose is what I meant. As for me, I'm not on your level anyway - no harm to worry about me other than someone's program not ever working again! LOL
    Thursday, 03 December 2009 21:11
  • No, you cannot know the purpose or intent of someone.
    My only point is that their intent and purpose is pretty much irrelevant compared to the bigger picture.

    Mark the best replies as answers. "Fooling computers since 1971."
    Thursday, 03 December 2009 21:28
  • So if someone asks how to hide their application from Task Manager...would you help? 



    Probably not,

    Not because this is worse than posting a keyboard hook or something like that, but because this is suspicious in itself.
    Thursday, 03 December 2009 21:29


  • I don't think that it is possible to make a list of what should be posted and what shouldn't.

    We need to be our own police
    Thursday, 03 December 2009 21:33


  • I don't think that it is possible to make a list of what should be posted and what shouldn't.

    We need to be our own police



    Agreed.  That is why my rule of thumb has been to only post that which is already documented in the library.
    Mark the best replies as answers. "Fooling computers since 1971."
    Thursday, 03 December 2009 22:41
  • Rudy,

    I thought about this more last night and this morning.

    I know that Microsoft's position on malicious activities is to try and prevent them and I have seen some articles many years ago talking about how many things were limited in Internet Explorer and Outlook with the purpose of not having any backlash from users saying that Microsoft allowed these things to happen.  And I can understand this from that point, since it is about their business reputation and eliminating the whining of users who don't know any better.

    In the forum however, we are not providing a product we need to monitor for the users' protection to prevent a backlash.  We are here to educate.  I don't think withholding code that can be used with malicious purpose is going to fix the issue or prevent any issues.  In fact it may lead to those being more aggressive towards it.  I am sure you understand the behavior of people who are told they can't have or do something.  I don't see that it is better to withhold code that can help people just because someone else may use it for bad.  What we need to do is educate on why it is bad and how to use it properly, and explain the consequences of malicious use.

    The person who gives information with an educated use of it is not responsible for the user's action.  About 10 years ago I was in a very bad car accident.  Some young kid was having blackouts and came into my lane and hit me head on.  My son and I had broken bones, I couldn't walk correctly for nearly a year and I still don't walk as I should, and my aunt died.  Was this horrible, yes, did I blame the guy who taught him how to drive, no, was it his fault the kid hit us, no.  Now the kid did not hit us with the intent to do so but even if he had, it would not be the fault of the guy who taught him how to drive.  He educated the kid on the correct use of something that can be used for a very bad purpose or result.  It is also not the guy's place to say I will not teach you how to drive because one day you or others may know this and may do something bad with it.  What if everyone who teaches drivers ed was to have the same attitude, the person who wants to learn would be forced to learn from those on the other side and will be influenced by the "Bad" drivers.  They will be led to believe that it is ok to speed, not use signals, run over animals, not buy insurance, etc..., etc..., etc...

    So what I am suggesting is we are not helping by withholding code that can be used for malicious purpose, we are in fact driving the good people over to be influenced by the bad.  The old saying is true: "If you want to know who you are, look at your friends".  We all know who their friends will be at the hacker sites.  Maybe we can be better friends who help and educate them.  And we have to realize that each is responsible for what they do with the information.  We cannot control what they do, but we can educate them.  The truth is the information is out there already, we need to focus on helping the situation and not making it worse.  We are not here to police, we are here to help and educate.  Period.

    Peace
    FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial
    Friday, 04 December 2009 14:29
  • In the C# forum we recently had an individual who was wanting to write code so that his "little sister couldn't use his computer" when he was not around.  He wanted to be notified when she logged on, observe what she did, log all keystrokes, log all web visited pages, and prevent his program from showing up in the Task Manager.  Also, wanted it to be prevented from being stopped remotely.  Said that his kid sister was 6 years old.  Riiiiiight. 

    Another recent candidate wanted to be able to monitor his anti-virus scanning software.  Claimed that he wanted to capture and analyze the viruses that it found before the software disposed of it.  Said that he needed to be able to stop the anti-virus scan from detecting his code as a virus. 
    Riiiiiight. 

    That is the type of stuff that I had in mind. 

    Assuming you knew the answers, would you be willing to help those people?  We have a current thread right now from someone who is looking for a way to turn those security images you see on web sites---please type the characters that you see in the box ---into an image object so that they can "enlarge it" and  read it as text for those who are disabled. 

    Would you help that person?  Not me.  I don't know how to do that, anyway. 
    And, now they're angry and in a big huff again because no one has given them an answer. 
    The thread is 18 months old.  Would you help that person?  Not me.
    Might be genuine, but it doesn't matter to me.  You should not post such stuff in a public place.

    Mark the best replies as answers. "Fooling computers since 1971."
    Friday, 04 December 2009 14:43
  • @Jeff -> For what it's worth, I completely agree with you.

    "When all one has in their toolbox is a hammer, everything begins to look like a nail."
    Friday, 04 December 2009 14:55
  • The old saying is true: "If you want to know who you are, look at your friends".

    I guess I am just not interested in making friends with modern day hackers.
    Mark the best replies as answers. "Fooling computers since 1971."
    Friday, 04 December 2009 15:00
  • Frank,

    I hear you on that point



    Rudy,

    I have an application I need to make and I have already started on it.  It needs to do the following:
    1. use a web browser to only allow certain sites to be navigated to
    2. monitor the task manager to shut down any other browsers running
    3. start up when any user logs on
    4. monitor the use of the app with screenshots and keylogging
    5. prevent the user from deleting from the startup folder
    6. prevent the user from uninstalling the app
    7. prevent the user from shutting down the app
    8. know when the app is not focused

    All of this makes it sound like some of the viruses I have seen which lock up Windows and only let you navigate to their website to buy their supposed protection software.

    But in fact it is for a good purpose to monitor my kids' activity on the web for their protection and mine.

    So my answer is yes I would help those people.  Now don't get me wrong if someone is asking for these types of code and what they say just doesn't make sense and I know they are fluent in English and can convey what they want properly, but they keep changing their story or it absolutely looks as being for malicious purpose then I am inclined to not want to help out of suspicion.  I just am not able to know for sure unfortunately.

    We can't assume what we read is "saying" something it is not.  It is hard enough to read people when you talk to them face to face.  I have a hard time conveying what I mean many times here in the forum.  Many here are also not fluent in English or do not understand grammar or how to translate their words into English.  They may even be fluent in English but not be able to write properly.  Maybe they type too fast like I do and word their intent incorrectly.  Or maybe they think they have to make up a story in order to get help because they know it will be assumed they are trying to be malicious with the code.  Some may be young kids with an interest in hacking.  They may just want to learn about it though, and not necessarily use it for that purpose.  Wouldn't be any different than an interest in anything else.  Pushing these young kids over to hacker sites is definitely a bad step in developing their easily influenced minds.  They will certainly get an education over there on how to be malicious.

    I guess you just have to go with your gut at the time.  I'm just not sure it is a good thing to start out with the mentality that you know their intent based on their words.  If I were to take the words written in posts as the way they seem to sound, I would be angry at a lot of people here.  I probably would have left the forum long ago.

    I understand your side of it though.  So I am not against you, I just feel we should not be so judgmental.  Many times it may be a "wolf in sheep's clothing" but may instead be a "sheep in wolf's clothing".

    You just have to do what you feel is right though.  Can't blame you for that.

    Maybe another option is to direct these people over to some ethical hacking sites.  I don't know of any but I know they are out there.  At least they could get help there by hopefully some good intentioned hackers and be informed on all sides.


    FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial
    Friday, 04 December 2009 15:32
  • "I just am not able to know for sure unfortunately. "

    Who's being judgmental?  I am not judging anyone.  You don't have to.
    I've already agreed with that point you made, "... just don't know for sure unfortunately."

    My point all along has been simple. 
    Their intentions are actually irrelevant. 
    We don't have to judge these individuals.....So, I don't.

    And there are ways to assist folks with issues such as yours without posting actual code.
    Most of what you are trying to do is more easily handled externally, than internally.
    Ever hear of WebSense, or any similar products?  The code doesn't run on the user's machine.
    Most of those hurdles you are trying to overcome simply don't exist.

    Rudy
    Mark the best replies as answers. "Fooling computers since 1971."
    Friday, 04 December 2009 15:52
  • Who are you judging?

    What is code without intent?

    Here are some things to think about:
    Other solutions being available has nothing to do with what I want to do
    I don't want to use other solutions
    I want to create my own
    It's my choice
    etc...
    FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial
    Friday, 04 December 2009 16:37
  • I have an application I need to make and I have already started on it.  It needs to do the following:
    1. use a web browser to only allow certain sites to be navigated to
    2. monitor the task manager to shut down any other browsers running
    3. start up when any user logs on
    4. monitor the use of the app with screenshots and keylogging
    5. prevent the user from deleting from the startup folder
    6. prevent the user from uninstalling the app
    7. prevent the user from shutting down the app
    8. know when the app is not focused

    All of this makes it sound like some of the viruses I have seen which lock up Windows and only let you navigate to their website to buy their supposed protection software.

    But in fact it is for a good purpose to monitor my kids' activity on the web for their protection and mine.



    Installing clandestine software on someone's computer without their knowledge is malicious, irrespective of the relationship of the user to the installer.
    Friday, 04 December 2009 16:44


  • Jeff, let's suppose that you are a member of and have a user account that contains some personal info.

    Now let's suppose that somebody posts here and asks if it is possible for him to log in to his account without the credentials.

    And that I do answer Yes and explain how to do it.

    If following this you have your info stolen and bank accounts emptied and receive some bills from 500 credit cards and etc ...

    Do you still think that I did the right thing to answer this person?


    -----------------------
    I believe that with the knowledge of computer programming comes a responsibility

    Friday, 04 December 2009 16:49
  • John, 

    I tell my kids I monitor them but I don't have to.  At my client's request I also add logging features to track employee use of software.  Some employees know about it but they don't have to tell them.

    In my home or business I have the right to monitor what happens and protect it, with or without your knowledge. 



    Crazy,

    Someone who has the ability to get their login information from the person or business they hold the account with is not the same thing.  That is a blatant malicious intent.  There really is not a good purpose for that if they can get the information the correct and legal way.

    There are different circumstances that a user does not have access if they lose their password such as with Excel workbooks.  I am not aware of any way to get it back without a hack of some kind.
    FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial
    Friday, 04 December 2009 17:40


  • Jeff, let's suppose that you are a member of and have a user account that contains some personal info.

    Now let's suppose that somebody posts here and asks if it is possible for him to log in to his account without the credentials.

    And that I do answer Yes and explain how to do it.

    If following this you have your info stolen and bank accounts emptied and receive some bills from 500 credit cards and etc ...

    Do you still think that I did the right thing to answer this person?


    -----------------------
    I believe that with the knowledge of computer programming comes a responsibility




    No.  I don't think you did the right thing.
    Again, the intent of the individual asking the question is irrelevant in my opinion.

    Suppose the person in Crazypennie's scenario had good intentions, whatever they might have been.
    But, now along comes someone with the screen name RoboCrook, sees the info, and commits crimes with it.
    They don't even have to log into the web site to get the info.

    What is the difference between the two scenarios?  None.
    There really isn't any difference when you boil off the fat.
    Someone posted code that could be put to malicious purposes, someone saw it, and committed crimes.
    What difference did the intent of the person asking the question make?  None.


    Mark the best replies as answers. "Fooling computers since 1971."
    Friday, 04 December 2009 18:02
  • ...and now RoboCrook goes back to his favorite hacker site and posts the code for others to abuse.


    Mark the best replies as answers. "Fooling computers since 1971."
    Friday, 04 December 2009 18:10

  • In some way, some knowledge is like having a gun. You cannot put it in a public place where anyone can pick it up and then say, if somebody gets killed, "It's not my fault"
    Friday, 04 December 2009 18:18
  • We can't "baby" a grown up world, we have to educate it.


    Do we:
    - pick up all the rocks because someone might find one and throw it at someone?
    - put round ends on all the sticks because someone may poke someone?
    - make everything flat because someone may trip over an edge?
    - shut down the internet because someone may use it to send spam or hack an online system?
    - stop making computers because hackers use them?
    - stop making development software because it can be used by hackers?


    Do we blame those who:
    - invented computers?
    - sell computers?
    - gives one to a friend or relative?
    - leave computers in the open for someone to take?
    - created the internet?
    - sell internet access? 
    - create development software and give it away for free in the public?



    What we need to focus on is not having to watch where we leave things, but instead, educating those who would find it.  Hiding something is not going to fix or change it.  Education will.


    FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial
    Friday, 04 December 2009 19:52

  • I see your point of view, Jeff.  And agree with all of that stuff.  It just doesn't apply.

    Who suggested picking up your metaphorical rocks so folks won't trip or throw them?  Quite the opposite for me.
    If anything, my position advocates that when you discover new rocks, you pick them up and put them away so as not to endanger others.

    In the United States, there is lively debate over gun control.
    The guns don't kill.  The people who abuse them do.
    Gun advocates want everyone to be able to be armed to the teeth.  They advocate free access to guns.
    These advocates have traditionally won the argument because the Constitution is on their side.
    The United States has more murders from gun shots per capita than any other country in the world.
    The advocates say the cure is to educate gun owners, allow people to have bigger guns, and more freedom to use them.
    Gun advocates have had their way in recent years.  The murder rate from gun shots is at an all time high, and rising.

    My point is simple.  The guns are not killing people.  The people who possess them are killing.
    There's an old saying about those who seek power.  "Power corrupts, and ultimate power corrupts absolutely."
    I think that cliche is wrong.  It is like saying that those who get the guns and kill, kill because they get the guns.

    I don't believe that power corrupts no more than anyone who owns a gun collection would become a serial murderer.
    I think that phrase should go more like this.  "Power attracts those who are most easily corrupted."
    There are those, good and bad, who are attracted to power, guns, malware, you name it.
    We should not leave guns, rings of power, and potentially malicious code laying around for those dangerous corrupted few amongst us.

    Rudy   =8^D

    Mark the best replies as answers. "Fooling computers since 1971."
    Friday, 04 December 2009 20:14


  • jeff

    I don't think that we should pick the rocks so nobody trips on them, but we should not throw rocks around us so people trip on them.

    There is a major difference. You should be able to see it.

    When you have the knowledge, you have a gun. If you handle it in a responsible way, it is a safe object, but if you handle it to any one that may ask for, it is a very dangerous object.

    You are the one that make the knowledge good or bad, even if you are not the hacker
    Friday, 04 December 2009 20:31
  • Rudy,

    I still think that your ambitions, though laudable, are "throwing the baby out with the bathwater".

    Of course I do realize that you've stated (and restated) that you're talking about some of those more obvious things, but at some point there will be something to come along with perfectly benign intentions which will get ignored.

    To each their own though.

    Be well. :)
    Friday, 04 December 2009 20:32


  • Frank,
    it is not a matter to shut up in case we say something that may be harmful,

    it is a matter of being careful
    Friday, 04 December 2009 20:36


  • Frank,
    it is not a matter to shut up in case we say something that may be harmful,

    it is a matter of being careful


    Oh I certainly agree with that, exemplified by something I said yesterday in this thread about someone who wanted to hide their application from showing up in the task manager, but those are the more obviously suspicious ones.

    What I meant is that ... well just off the cuff here but it's not uncommon now that we all use the "AutoFill" as from Google, etc. I have my credit card information in there and it really comes in handy; I like it a lot. That said though, imagine the first guy that came up with that idea. At some point he'd start asking "how do I", mention a form and credit card numbers of others on the internet, etc. Can you imagine the reaction here when those questions came about?

    Probably a poor example but I hope you see what I mean?
    Friday, 04 December 2009 20:42
  • Rudy,

    I still think that your ambitions, though laudable, are "throwing the baby out with the bathwater".

    Of course I do realize that you've stated (and restated) that you're talking about some of those more obvious things, but at some point there will be something to come along with perfectly benign intentions which will get ignored.

    To each their own though.

    Be well. :)



    How so?  You lost me. 
    My position is simple.
     
    1.  The intent of those asking the questions is irrelevant.  Glad to see that no one has questioned that idea.
    2.  We need to be careful about what we leave laying around for the dangerous few amongst us who would do us harm.
    3.  I see no reason to post code any more sophisticated than what is already in the MSDN library.  That's my default limit.

    Sorry. 
    If I know that there are burglars, murderers, and thieves walking around my house at night, I am not going to leave the keys to my house sitting on the bench of my front porch.  I am not going to advertise to the world the fact that my windows can be unlocked with a strong enough magnet applied in just the right place.

    EDIT:
    I am not concerned about those with benign intentions seeking potentially malicious answers.  I feel sorry for them, I do.  The info can be gained on their own with a little more hard work in most cases.  The age of instant information gratification is here and not going away.

    This type of debate is not new or exclusive to software.  It is contested across most all of the natural and physical sciences.  Geneticists debate about cloning info.  Physicists debate about nuclear info.  Engineers debate over new breakthroughs.  I see this as no different.


    Mark the best replies as answers. "Fooling computers since 1971."
    Friday, 04 December 2009 20:51
  • I understand your position.

    Thanks :)

    Friday, 04 December 2009 20:57
  • It is frustrating to have someone react with hostility when questioned about the motive behind what I consider to be suspicious intent.  Particularly as I'm here as a volunteer.

    I see several classes of (potential) abusers and I agree that it can be hard to separate an abuser from someone doing something legit.

    There is the semi-pro who wants information on dll injection, process hiding, message pump manipulation.
    There is the semi-novice who wants information on enumerating and manipulating files and the registry and sending keys

    I see both as potential threats and the reason is that there are plenty of attack vectors that just require a payload of choice.

    I am not opposed to anyone creating a custom browser for their children, but I might be wary of assisting someone wanting to log all keyboard activity even if they were using the information to make things safer for their kids.

    Helping that person enables the funboy to find the same information to couple with an attack vector from a hacker site.
    04 December 2009 Friday 21:09

  • Unfortunately I feel the operating system is partly to blame here because it has hooks that allow key logging to happen! The cash machine down the road runs on Windows (saw it crash once) ... the ability to log key presses on a cash machine!! (hope that didn't give anyone ideas). So I'm blaming the lovely nice folk at Microsoft to a degree, as these sort of security gaps in the OS should be opt-in rather than opt-out. If the machine needs key logging then it can be added, if not it stays off.

    Ok, that's not the point. These holes are there, so do you tell someone how to get through them?

    Well I'm guessing the information is already out there. If someone wants to do it then they will find out how to do it somewhere (CodeProject probably). The way I see it the experienced 'hackers' out there wouldn't share their knowledge with the noob 'hacker' until they earned it by gaining a certain level of knowledge first.

    I wouldn't help someone who is posting a question like the above examples, as the noob 'hacker' obviously hasn't done any research themselves on the topic, for example by simply searching on CodeProject or Google. I tend not to help anyone who hasn't done any leg work themselves, to a reasonable degree depending.

    Of course we cannot be too hasty, as the person posting might be oblivious and naive to the security risk involved.
    • Edited by Derek Smyth, 04 December 2009 Friday 23:03: dodgy grammar.
    04 December 2009 Friday 23:00
  • Derek,

    That is what's so difficult, the information is out there and abundant.  There really isn't anything I have yet to be stumped on with a simple Google.

    I have a keylogger sample from a few years ago that I found with a simple search.  Didn't take me but about 10 minutes to search, find and create a keylogger application.





    I think we need to place all the world's important and hush hush information in a "Lock Box" and bury it in the backyard, with a dog, which doesn't dig, to guard over it.  It's the only logical solution.

    In the meantime I will start placing corks on the end of all knives and forks, rounding the points on the tree branches and fallen sticks, dismantling all cars on the road and planes in the air, locking all gas pumps, wrapping everyone in protective bubble wrap suits, building a huge bunker to store all matches and lighters, and any other similar items, prevent people from talking to one another to stop confrontation and disagreement, and...

    I had thought maybe it would be better to start educating people instead, but that just doesn't make any sense at all.  The "Lock Box" however, there is no denying the logical perfection there.

    :-)

    Peace All


    FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial
    04 December 2009 Friday 23:51
  • Derek,

    That is what's so difficult, the information is out there and abundant.  There really isn't anything I have yet to be stumped on with a simple Google.

    I have a keylogger sample from a few years ago that I found with a simple search.  Didn't take me but about 10 minutes to search, find and create a keylogger application.





    I think we need to place all the world's important and hush hush information in a "Lock Box" and bury it in the backyard, with a dog, which doesn't dig, to guard over it.  It's the only logical solution.

    In the meantime I will start placing corks on the end of all knives and forks, rounding the points on the tree branches and fallen sticks, dismantling all cars on the road and planes in the air, locking all gas pumps, wrapping everyone in protective bubble wrap suits, building a huge bunker to store all matches and lighters, and any other similar items, prevent people from talking to one another to stop confrontation and disagreement, and...

    I had thought maybe it would be better to start educating people instead, but that just doesn't make any sense at all.  The "Lock Box" however, there is no denying the logical perfection there.

    :-)

    Peace All


    FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial


    Now you're talkin' Jeff! ... great idea!

    Know what? The best anti-virus remedy is to unplug your internet connection. In fact - the heck with it, let's be REALLY protective, let's just shut the computers off! Yea!



    ...as facetious as all of this is - that's been my point all along about throwing the baby out with the bathwater. At what point do we stop being so paranoid about what the posting of code *might* end up being? Even a simple file operation could be used for evil purposes, so do you not explain how to delete a group of files? I mean, c'mon.
    05 December 2009 Saturday 00:00


  • Jeff, let's suppose that you are a member of and have a user account that contains some personal info.

    Now let's suppose that somebody post here and ask if it is possible for him to log in is account without the credential.

    And that I do answer Yes and explain how to do it.


    If, as a result of your reply (which was what he had been told, but didn't believe until you proved it) he put all that personal information into a secure encrypted folder and saved himself a lot of time and trouble when his machine was subsequently hacked, then I think you did exactly the right thing to answer that person. 

    It would be extremely difficult to accurately predict which of those two outcomes would result from your reply.

    Each question must be judged as a separate issue, and people will come up with different judgments.  What seems like hacking to one is a perfectly legitimate activity to another.  For instance, the example quoted at the top ("to be notified when she logged on, observe what she did, log all keystrokes, log all web visited pages, and prevent his program from showing up in the Task Manager") almost exactly describes a program that is required to be installed on PCs used in Government schools!


    05 December 2009 Saturday 00:18


  • Acamar,

    My reply, if I do it, will be the cause of both: saving the information of that one user, and the loss of the information privacy of the thousand other users.
    05 December 2009 Saturday 00:43
  • Answer me this....

    Does the intent of the OP make a difference?
    You already know that I say, not.  What do you say?

    Mark the best replies as answers. "Fooling computers since 1971."
    05 December 2009 Saturday 01:44
  • Answer me this....

    Does the intent of the OP make a difference?
    You already know that I say, not.  What do you say?

    Mark the best replies as answers. "Fooling computers since 1971."


    Rudy,

    Who are you asking?
    05 December 2009 Saturday 01:48
  • Anyone who reads it.
    Mark the best replies as answers. "Fooling computers since 1971."
    05 December 2009 Saturday 01:57
  • Anyone who reads it.
    Mark the best replies as answers. "Fooling computers since 1971."

    Glad you asked ...

    Rudy, let me start by saying that you are, without a doubt, one of the most knowledgeable people ON this forum. I've said before and will again that I'm appreciative of your involvement and I don't say that as some sort of conciliatory bunch of nonsense here; I'm very sincere.

    To continue, I believe that it's due to that vast knowledge that's made you wary of answering certain queries. YOU KNOW - above others - what the possible impact may be IF someone with nefarious intentions happens to stumble across the thread (eventually Google will spider it). I understand completely, and you've been clear on that point from the start.

    That said however, my point is that while that might be true, will you therefore deprive the thousands of others who are looking for an answer that you can supply when THEIR intentions are anything but villainous?

    As I said earlier, I think that your intentions are notable but I just think that you're swinging the pendulum too far in the other direction.

    I've given my two cents worth on this thread so much that I'm now up to several dollars so I'll shut up on it.

    I just think that you might want to reconsider.

    05 December 2009 Saturday 02:04


  • So Rudy,

    I don't get it either, but if we need to reconsider, let's start a hacker thread, it will be done once for all..

    Let's see what I have to start,

    -I can start with the code of the 130 byte application,

    -also, I found a hole in the Excel security, I can pass through the password in just a few seconds, this one is working with all the Excel versions, even 2007 where they try to improve this security.

    -Of course, the classic, keylogger and internet logger.

    -I also have a very nice method to remotely take control of a computer.

    What do you have ?

    05 December 2009 Saturday 02:32
  • not to add more fuel to the fire, because everyone on this thread has my utmost respect - and everyone's opinion is valuable.

    But, thoughts...


    http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/4d415b37-4753-458c-ad4b-89657c8fa7a9



    Sometimes when I see words like Hidden and Block...it makes me pause.  Like the thread someone referred to above where the OP wanted to "hide" it from his kid sister.
    05 December 2009 Saturday 02:43


  • Ya, I found this thread funny and just on the right  timing
    05 December 2009 Saturday 02:48
  • not to add more fuel to the fire, because everyone on this thread has my utmost respect - and everyone's opinion is valuable.

    But, thoughts...


    http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/4d415b37-4753-458c-ad4b-89657c8fa7a9



    Sometimes when I see words like Hidden and Block...it makes me pause.  Like the thread someone referred to above where the OP wanted to "hide" it from his kid sister.

    Am I wrong here?

    Don't be scared by my silly example. LOL
    05 December 2009 Saturday 02:49
  • not to add more fuel to the fire, because everyone on this thread has my utmost respect - and everyone's opinion is valuable.

    But, thoughts...


    http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/4d415b37-4753-458c-ad4b-89657c8fa7a9



    Sometimes when I see words like Hidden and Block...it makes me pause.  Like the thread someone referred to above where the OP wanted to "hide" it from his kid sister.

    Dang it Joe you made me break my word :D

    I saw that thread also and wondered about it (and didn't add anything to the thread), but those which are dubious ... what's the right approach? Stay silent? Ask their intent (and if so, do you believe them?, or for that matter is it any of our bee's wax what their intentions are?)

    I don't propose to know the answer here, I just don't believe that a one-size-fits-all approach of "safety first" is appropriate either. It leaves too much out.



    (By the way, I was hoping that you'd jump in - I'd enjoy your input on it all)
    05 December 2009 Saturday 02:50


  • I saw that thread also and wondered about it (and didn't add anything to the thread), but those which are dubious ... what's the right approach? Stay silent? Ask their intent (and if so, do you believe them?, or for that matter is it any of our bee's wax what their intentions are?)

    I don't propose to know the answer here, I just don't believe that a one-size-fits-all approach of "safety first" is appropriate either. It leaves too much out.



    (By the way, I was hoping that you'd jump in - I'd enjoy your input on it all)

    That's the sticking point here - none of us know that answer. So we all have to handle it how we see fit, based on our own internal criteria. I can't make anybody else follow what I do.

    But if I see words like Hidden and Block an application, and the "story" doesn't make sense, I will post that I have some reservations about the question. Like I pointed out - why does it need to be hidden if it's only on your computer? Now tell me, what part of that makes any sense at all?

    As far as their intentions - it doesn't matter to me. The way I look at it - they might develop an app at some point that infects MY computer. I spend lots of money every year to keep my computer safe - I'm not going to help someone breach that.

    And sorry to disappoint you Frank - Rudy and Derek and Jeff and Pennie in this thread, and many others on the Forum, could code circles around me, with their eyes closed, and one hand tied behind their back. So my input as far as the technicalities go would be useless. I just listen to my insides because I can't rely on my brains in this case.
    05 December 2009 Saturday 03:18
  • not to add more fuel to the fire, because everyone on this thread has my utmost respect - and everyone's opinion is valuable.

    But, thoughts...


    http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/4d415b37-4753-458c-ad4b-89657c8fa7a9



    Sometimes when I see words like Hidden and Block...it makes me pause.  Like the thread someone referred to above where the OP wanted to "hide" it from his kid sister.
    yes i saw "i m using it only on my PC"
    Because Only My E drive contain Game

    i m make this application for my pc . 

    like i have game in E drive
    E:\IGI\pc\igi.exe
    05 December 2009 Saturday 03:24
  • I actually agree with what EVERYONE here has said.

    I DO understand the worry about safety and - like you said - it'd be my luck that some fool would do something that I helped with to do harm with my computer and nearly five terabytes of hard drives, yada yada. Mr. Murphy does have a way of seeking me out.

    But Rudy is proposing, essentially, "if in doubt, don't answer" and for a guy who could write BOOKS on this stuff - I just think that's a shame, that's all ... not saying he's wrong mind you, I just say (selfishly as I want to learn) that I think it's a shame.

    Many here - as you enumerated and many others too - likewise have vast amounts of knowledge about all of this. Did you see some of the stuff that John Anthony and Dig-Boy did a few weeks ago? Man I couldn't come up with that in a hundred years! I don't want to lose that sort of resource because it *just might* be put to bad use, and that's really my only point that I've been trying to make.

    So in the end, in the words of Hamlet, "To Thine Own Self Be True".

    Thanks for replying.
    05 December 2009 Saturday 03:32


  • On this, Frank, I see your point. In fact, this is the only reason you see me in this forum: it is to see the code that some people here write.
    05 December 2009 Saturday 03:41


  • On this, Frank, I see your point. In fact, this is the only reason you see me in this forum: it is to see the code that some people here write.

    :)

    You're one of the "heavy-hitters" whose posts I watch.

    There is no definitive answer to be had here, I realize that.

    I just hope that folks like you and the many many others here don't "dry up" because of something that some idiot might do with it. The whims of others are outside anyone's control.
    05 December 2009 Saturday 03:45
  • Well, here's a novel idea:


    Uninstall it if you don't want it to run


    Again your argument makes no logical sense
    05 December 2009 Saturday 03:48
  • Many here - as you enumerated and many others too - likewise have vast amounts of knowledge about all of this. Did you see some of the stuff that John Anthony and Dig-Boy did a few weeks ago? Man I couldn't come up with that in a hundred years! I don't want to lose that sort of resource because it *just might* be put to bad use, and that's really my only point that I've been trying to make.

    So in the end, in the words of Hamlet, "To Thine Own Self Be True".



    And you won't lose those resources - because you're not going to ask that type of question ... I think.

    Then again, maybe you are.

    Oh man, the paranoia is getting worse - time to up the dose of Prozac.

    But seriously, the types of questions you would need code for will be freely supplied by all concerned. Because they make logical sense to be used in a useful app.

    What would you need  the code for, to develop a HIDDEN app that BLOCKS other apps from running? Can you give me any reason you would need this?
    05 December 2009 Saturday 03:56


  • Well jwavila,

     since this OP could get the problem of his TXT files that were running in his computer by finding them in the process running of his Task Manager and by using process.kill,

    I don't think that he needs to uninstall

    lol

    I kind of see the idea
    05 December 2009 Saturday 03:57
  • @ Frank

    As you said, I just don't want to be the one who explained to the guy who erased my computer files, or emptied my bank accounts, how to do it. 
    05 December 2009 Saturday 04:08
  • yes i saw "i m using it only on my PC"
    Because Only My E drive contain Game

    i m make this application for my pc . 

    like i have game in E drive
    E:\IGI\pc\igi.exe

    Pennie

    this is what I was referring to...

    let's see... I have a game on my E drive I don't want to run.

    My options are:

    1. Go through the process of writing an app, figuring out how  to hide itself from Windows, and figure out the process of blocking an .exe file or block a .txt file or ... and then taking the time to debug, etc until it functions properly.


    2. Click 1 button in Control Panel to uninstall it.


    Sorry, maybe I'm being really dense here, or really something, but I just don't get it.
    05 December 2009 Saturday 04:15


  • ShariqDON neither never got it !
    05 December 2009 Saturday 04:37

  • this is what I was referring to...

    let's see... I have a game on my E drive I don't want to run.

    My options are:

    1. Go through the process of writing an app, figuring out how  to hide itself from Windows, and figure out the process of blocking an .exe file or block a .txt file or ... and then taking the time to debug, etc until it functions properly.


    2. Click 1 button in Control Panel to uninstall it.


    My Windows Media Player is misbehaving.  It will continue running in the background, taking up CPU and memory after I close it.   The UI has gone away and there doesn't seem to be a way to bring it back.   It won't restart, presumably because it sees there is an instance already running.  It can't be shut down without starting Task Manager and selecting the process and terminating it, or rebooting.  I don't want to uninstall it - I use it a lot.  It would be really useful if I had a desktop icon that I could click to launch a program that then terminates WMP.  It doesn't need any UI or any indication of what it is doing - just terminate WMP and go away.

    I don't know whether this is a difficult task or not - maybe it's really easy if someone will just tell me how to do it.

    That's why you will never get agreement on what constitutes a reasonable request for information or an attempt to construct malicious code.   Everyone has to make their own call.
    05 December 2009 Saturday 05:00
  • I doubt the brains of the forums will stop posting if something seems dodgy on a post.... I think they would ask more questions; like jwavilla did that time in the thread link posted above. Check it out first.

    Another way I see it is if someone with no medals, joined 2 days ago, and has made 3 posts asking about keylogging then it should be treated dodgy.. if the person has a few medals or is known and more trusted then I would help them, but I'd want to know more because there could be a better solution. The information is out there and the problem of putting it in a box and burying it is it becomes the holy grail, it has everyone's attention. Better to scatter this information to the winds. The operating system should be more secure! people should stop running as administrator, people should not install applications they don't trust.... don't open exe's emailed to you !!!

    THE COMPUTER USER NEEDS TO PROTECT THEMSELVES. (THE OS SHOULD DO IT FOR THEM) 

    I knew a chap once who decided to learn how to write a virus. He downloaded some source code, read it a bit, compiled it, and then ran it (the idiot).
    Infected his own machine, lost all his Uni work!

    I want to learn about viruses because they are extremely clever pieces of software; but I would never intentionally infect anyone, except myself.

    THEY AREN'T HACKERS !!! 

    I guess you can't stop people from being a__holes.

    What was the question again?
     
    05 December 2009 Saturday 11:47

  • Derek,

     

    Here is my point of view: the person that is interested in the "How a keyboard logger works" will have to start with a certain knowledge of the language.

    One that cannot program will not be interested in reading or learning the code itself.

    And, if somebody knows how to code, the question will not be "How do I do a KeyLogger", it will be something like "How do I declare the delegate for the callback".

    What makes me suspicious is when the OP shows no or little knowledge of the language.

    05 December 2009 Saturday 14:43


  • Jeff, let's suppose that you are a member of and have a user account that contains some personal info.

    Now let's suppose that somebody post here and ask if it is possible for him to log in is account without the credential.

    And that I do answer Yes and explain how to do it.

    If following this you have your info stolen and bank accounts empty and receive some bill from 500 credit cards and etc ...

    Do you still think that I did the right thing to answer this person?


    -----------------------
    I believe that with the knowledge of computer programming comes a responsibility





    I enjoyed reading your posts.  Different ideas and perspectives.
    Experience matters not, because some of us old dogs just might be too set in our ways.

    "Suppose the person in Crazypennie's scenario had good intentions, whatever they might have been.
    But, now along comes someone with the screen name RoboCrook, sees the info, and commits crimes with it.
    They don't even have to log into the web site to get the info.

    What is the difference between the two scenarios?  None.
    There really isn't any difference when you boil off the fat.
    Someone posted code that could be put to malicious purposes, someone saw it, and committed crimes.
    What difference did the intent of the person asking the question make?  None."


    Most of the discussions take into account the OP's purposes, and how difficult it is to ascertain what they are.
    We would be judging people, and I don't feel that is our place.  
    Some folks seem concerned about judging the person fairly.  I don't know how to do that.
    Perhaps I have rationalized myself into believing that the person's intent is truly irrelevant.
    But, I have not read anything to convince me otherwise.

    Thanks, Rudy

    Mark the best replies as answers. "Fooling computers since 1971."
    05 December 2009 Saturday 16:53
  • I knew a chap once who decided to learn how to write a virus. He downloaded some source code, read it a bit, compiled it, and then ran it (the idiot).
    Infected his own machine, lost all his Uni work!

    I want to learn about viruses because they are extremely clever pieces of software; but I would never intentionally infect anyone, except myself.


    What was the question again?
     

    Derek,
      Thanks.
      Laughed so hard, I couldn't work for a few minutes.
     
      Reminds me of the story about the terrorist who mailed a letter bomb - without enough postage.
      Well, of course the letter was returned due to insufficient postage.
      He was so excited he got a letter in the mail...

      You can guess what happened next.

      So, what was the question again?

      @Acamar

    from the OP's original post:
        who i already have instaled
        or 
        any file , like .exe , .txt 

      In my opinion there is a big difference in saying what you did about WMP, and asking a generalized question like I want a Hidden app that will block any file. And having a desktop icon to me is not hidden. But you do give a good example of what could be wanted. 

    So maybe it's a question of being able to communicate clearly. But don't get me started on that; that's a whole other issue for me. I live in Alto Mexico, oops, I mean California. And work in HealthCare. Do you know how hard it is to provide HealthCare with a language barrier? And I don't mean an accent or maybe mixing the order of words in a sentence. I mean NO English at all. Errors in this case don't mean a wiped out harddrive.

      Maybe I'm being overly harsh. But I take my computer safety seriously. Too much personal info for someone to steal. All I'm saying is the original question and subsequent clarification did not make me feel any better.

     I agree not everyone has malicious intent. We just don't know. Since writing code is a logical process - use that logical process when evaluating a question. And in the thread above the cons outweighed the pros for me.

     

    05 December 2009 Saturday 18:03
  • Joe,

    Nashville here - yea I can imagine what you're saying being in your location but that seems to be the way these days. Obviously that's a whole other topic of discussion, so back to the point that Rudy has made in this:

    His point is that it matters not WHAT the OP's intentions are - good or bad - his concern is that someone else with evil thoughts might stumble across the thread, be able to use that snippet of code to then propagate the next wave of viruses that plague us as an example.

    I do understand that completely and I don't have a solution to offer, but - I still think that it would be unreasonably unfair to use that justification to therefore deprive the thousands of other well-meaning people (like me!) who may find use from the code.
    05 December 2009 Saturday 19:00
  • Ya know, I just read through the stuff I've written in this thread....and I sound like a Borg.
    Mark the best replies as answers. "Fooling computers since 1971."
    05 December 2009 Saturday 19:49
  • a link to tell software developers what a Borg is? a futile maneuver.
    05 December 2009 Saturday 21:49
  • An article I read recently about the processor developers such as Intel making efforts into the technology of implanting chips into the brains of people, to help those who have become paralyzed, be able to use computerized prosthetic limbs, and I believe their own as well, by remapping, etc...

    So here is a difficult question that is not much different than posting code with potential harm.  Do we allow this technology to be created and known in order to help many people, or do we stop it now because the technology could also be used to control those who use it?  And I am sure this could also spawn a whole list of other possible good and bad potentials.
    FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial
    05 December 2009 Saturday 22:05
  • In my opinion there is a big difference in saying what you did about WMP, and asking a generalized question like I want a Hidden app that will block any file. And having a desktop icon to me is not hidden. But you do give a good example of what could be wanted. 


    But the example works both ways.  The WMP request sounds perfectly proper and responsible.  The answer will give OP almost everything he needs to kill any application he wants, and an innocent-sounding follow up on how to make the program resident and auto-starting would pretty much complete the picture.

    And even if OP's requirement was genuine, the answer is on file for anyone else to use however they want.  So is there really such a big difference between the actual post and my theoretical one?

    It seems very negative to simply say "there's no reliable way to predict whether the information will be used for good or ill", but that's the actual situation.
    05 December 2009 Saturday 23:02
  • An article I read recently about the processor developers such as Intel making efforts into the technology of implanting chips into the brains of people, to help those who have become paralyzed, be able to use computerized prosthetic limbs, and I believe their own as well, by remapping, etc...

    So here is a difficult question that is not much different than posting code with potential harm.  Do we allow this technology to be created and known in order to help many people, or do we stop it now because the technology could also be used to control those who use it?  And I am sure this could also spawn a whole list of other possible good and bad potentials.
    FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial


    Jeff,

    I meant to comment when I saw this and wasn't able to (issues on a project that I'm involved in PLUS we've been moving - lots of fun there!). At any rate, it reminds me of something that I often deal with at work.

    I design [somewhat specialized] mechanical systems. The advancements that have been made in control technology over just the last several years have tremendously increased my ability to design things which - heretofore - was pointless to because there was no viable way to monitor or control them.

    I'll cut to the chase here and explain how your comment here made me think of this: Many times I have been in meetings with facility engineering and at some point before too long into explaining the proposed system, someone will bring up something like "It's too complicated for us to work on."

    To me that seems STUPID! They're willing to deprive the facility of advancements and improvements because they don't know how to work on it??

    My answer to that - which isn't always successful - is "I'll teach you".

    I think this goes back to something you said earlier in this thread about that very thing. Do we deny all the good that can come about with modern technology for the sake of the possible bad that might come about as a result?

    Rhetorical question I'm sure but thought I'd toss it into the tank for rumination.
    09 December 2009 Wednesday 21:05
  • An article I read recently about the processor developers such as Intel making efforts into the technology of implanting chips into the brains of people, to help those who have become paralyzed, be able to use computerized prosthetic limbs, and I believe their own as well, by remapping, etc...


    "I'll be back", said the Terminator.   ;)

    I read a book some 15-20 years ago about some renegade hackers.  (I'll post the name later on.)  It turns out that years ago someone developed software/hardware technology to allow quadriplegics and handicapped people to plug their minds into a computer and live a 'normal' life.  The software environment had a name, that I will tell you in a few lines.

    Fast forward in time to these renegade hackers.  It would seem over the course of a century or two the technology had turned into a black market.  People began taking vacations through these systems.  (By coincidence, yet another Arnold Schwarzenegger movie.)  Soon, people began getting addicted to the technology because they could plug in, do some drugs, feel the effects, without ever having to purchase illegal drugs. 

    These later types of software were soon banned.  Other types of illicit software were actually written by other software.  The human race was on the verge of true artificial intelligence, but they still had a ways to go yet.  Their version of the Internet was being used to deliver these software packages to customers in real time.  The name given to these software environments was "Matrix".   The Internet version, which anyone could jack into and co-exist with others in any type of fantasy environment they wanted, was known as "The Matrix".  (Arnold was not in that movie.)

    Personally, I think the technology Jeff described is incredible.
    Mark the best replies as answers. "Fooling computers since 1971."
    09 December 2009 Wednesday 21:31
  • Personally, I think the technology Jeff described is incredible.
    Mark the best replies as answers. "Fooling computers since 1971."


    I agree.
    09 December 2009 Wednesday 22:07
  • Oops, I responded to the previous thread before seeing the link to the new one. Either way, it was a very interesting read so thanks for the contributions.
    19 April 2010 Monday 14:52
  • I'll just move this to here:

     

    Nothing wrong with posting code that shows you how to delete files, that is already in the MSDN library.

    But, there are a few volatile .NET types and methods in the MSDN library that have little or no documentation, much less sample code.  I believe that many of these omissions are not accidental.  (So why was the volatile stuff put into the FCL to begin with?  They are extremely useful, however easily abused.)  One type that comes to mind, which I won't mention in this thread, is far more powerful than the seemingly complete documentation leads you to believe.  The docs describe just a fraction of what it can do.

    Mark the best replies as answers. "Fooling computers since 1971."


    I gotta say, you've gotten me awfully curious with that comment :P.

    About the antivirus comment above... I can definitely see their frustration and desire to prevent an antivirus program from deleting their code, I had a similar problem with Norton just last week, very frustrating. Nevertheless posting code to circumvent that is just blindingly irresponsible.

    To continue chipping in my 2 cents worth (if it's even worth that). "Malicious code" is a very grey area. What might be an April Fools' prank (a simple looping reboot) between friends could seriously confuse and disrupt a business if someone was so inclined.

    I personally feel that creating something is far more rewarding than breaking it, but I'm still interested in how it's broken. It's certainly more a case of know thine enemy than malicious intent though.

    19 April 2010 Monday 14:56
  • Would you like to know the name of the type/method that I was referring to in the quote you cited?

    Mark the best replies as answers. "Fooling computers since 1971."
    19 April 2010 Monday 15:01
  • Certainly, naturally inquisitive right here :P
    19 April 2010 Monday 16:07
  •  

    HybridDictionary

    That type is way more powerful than what the documentation would have you believe.


    Mark the best replies as answers. "Fooling computers since 1971."
    19 April 2010 Monday 16:20
  • Ah, this is actually a type I have used recently, did not imagine it to be more than useful. The documentation is certainly brief and vague though (in my opinion, but I'm still learning a lot, so I need the hand-holding).
    19 April 2010 Monday 16:46
  • The type is not HybridDictionary.  I removed the actual link and replaced it with that.

    Mark the best replies as answers. "Fooling computers since 1971."
    19 April 2010 Monday 16:50
  • I had posted the actual link with a comment that I would delete it in a few minutes. 

    It was actually a Form related method.


    Mark the best replies as answers. "Fooling computers since 1971."

    • Edited by Rudedog2MVP, 19 April 2010 Monday 19:45: Changed type name.
    19 April 2010 Monday 17:18
  • This is a sobering thread. It goes without saying that I trust jeff and RudeDog and I hope they trust me.

    This is a judgement thread. Ordinarily I'd like to say, "we'll use our own judgement on this." But then I realize that we're treated as equals here and many of us aren't equals in knowledge. There are people here who will give aid without being fully aware that they are helping people or what a person is asking even.  Security is omnipresent. So what to do?

    Certainly threads like this help. About the best we can do is use our own judgement and we can know our askers. I correspond with Jeff and it's rarer that I correspond with Rudedog, but I do. On the other hand, I don't ask any strange questions either and I've been around since these forums have been here. I have a career in professional development. Methinks that makes me a 'source' of information.

    There are things to watch for. Information flow is key. If you find out that you're giving information and none is coming back to you, you've just been handed a large clue.

    Renee

    19 April 2010 Monday 21:39
  • This is a sobering thread. It goes without saying that I trust jeff and RudeDog and I hope they trust me.

    This is a judgement thread. Ordinarily I'd like to say, "we'll use our own judgement on this." But then I realize that we're treated as equals here and many of us aren't equals in knowledge. There are people here who will give aid without being fully aware that they are helping people or what a person is asking even.  Security is omnipresent. So what to do?

    Certainly threads like this help. About the best we can do is use our own judgement and we can know our askers. I correspond with Jeff and it's rarer that I correspond with Rudedog, but I do. On the other hand, I don't ask any strange questions either and I've been around since these forums have been here. I have a career in professional development. Methinks that makes me a 'source' of information.

    There are things to watch for. Information flow is key. If you find out that you're giving information and none is coming back to you, you've just been handed a large clue.

    Renee

     

    Renee,

    True though all you say is, I was one of the ones in this "debate" arguing your point; that we have to sense what the OP is really trying to ascertain, but Rudy's point - which I finally "got" and cannot honestly argue with - was that this is a publicly open forum and literally anyone can access it (they don't even have to log on, just read). So what may seem innocuous for the OP's actual question could, in fact, be used by someone else for nefarious purposes.

    I wish I could disagree with Rudy's point, but he's right.

    I just hate that information that some people like Rudy, Jeff, and certainly you have won't be shared for fear that it may be used by someone else for less than honorable purposes.

    20 April 2010 Tuesday 00:54
  • The bottom line is, you can't approach software development like an ostrich with his head in the sand (If I don't see it, it's not there, I'm safe).

    I say spread information.. any information.. not all hackers are malicious... some of us actually chase exploits so we can report them.  The sooner these malicious techniques are discovered and used, the sooner counter measures will be developed.

    It is unrealistic to think that you can prevent malicious software by not answering a forum thread.

    That's my two cents

    Follow me on twitter

    http://www.twitter.com/budbjames 


    Thanks..
    20 April 2010 Tuesday 02:03
  • To add to my point, why do you think Linux and other open source projects are so stable and secure? Because the moment an exploit is discovered, it is documented and fixed.

    What does Windows do? They keep it quiet until they get around to releasing a service pack or update.. by then 10 more exploits have been discovered..

     

    Follow me on twitter

    http://www.twitter.com/budbjames 


    Thanks..
    20 April 2010 Tuesday 02:06
  • Actually, I'm not afraid. For one thing, I don't go but to technical sites which are strangely popular. I hate to say it, but that's key.

    Renee

    20 April 2010 Tuesday 02:28
  • Certainly threads like this help. About the best we can do is use our own judgement and we can know our askers. I correspond with Jeff and it's rarer that I correspond with Rudedog, but I do. On the other hand, I don't ask any strange questions either and I've been around since these forums have been here. I have a career in professional development. Methinks that makes me a 'source' of information.

    There are things to watch for. Information flow is key. If you find out that you're giving information and none is coming back to you, you've just been handed a large clue.

    Renee

    I'm certainly new around here (intend to be here more often though), so this response just made me think: "That's fine when it's between you guys who have years of experience, but I'm honestly coming in here with very little knowledge and the goal of learning. So what do _I_ have to offer? Let's face it, I'm here to ask some of the 'stupid' questions. I'm quite happy to give back what I can, but that really might not be much."

    How does your information flow idea work between a career professional and a wet behind the ears novice? (I'll catch up, just give me time ;P )

    20 April 2010 Tuesday 03:45
  • bjames,

    I don't think that. But I do think that we can slow it down by not discussing it too much and I mean 'here'.

    We have to get away from binary thinking that we're going to eliminate it because we won't. But we can keep the spread low here and that's what we need be concerned with. Not the elimination of but also not be a place of dissemination. It returns to judgement and responsible behavior on all of our parts.

    Renee

    20 April 2010 Tuesday 04:38
  • With great power comes great responsibility.
    20 April 2010 Tuesday 07:37
  • I have to agree with everyone but I have one question.

     

    What if someone asks how to get the name of a computer and the username from a computer and other information without saying they want to know the IP Address etc?

    Would I tell them that I won't help or would I tell them to use

     

    TextBox1.Text = Environment.Is64BitOperatingSystem.ToString()
    TextBox2.Text = Environment.MachineName.ToString()
    TextBox3.Text = Environment.OSVersion.ToString()

     

    As I don't know if they have malicious intent or not.

    The code above could be used just to gather information about their own PC or it can be used in a Remote Access Trojan, Keylogger etc

    Every last bit of code that can be used with vb6 or vb.net can be used in Malicious applications as well as programs that have been created with good intent.

     

    As a lot of people in these threads have stated there is no sure way to know if the OP has intent to make a malicious program.

     

    I myself think it is wrong to invade the privacy of the members of the computing community as I have a little brother who goes on social networking sites and I worry every day if someone will infect his laptop.

     

    The problem is that there are too many tutorials on the internet that tell you how to code FUD Keyloggers, RATS and other malicious programs using VB.

     

    We even have to be careful of little twelve year old "Hackers" making Batch viruses these days.

     

    And the fact that there are publicly available Obfuscators on the Internet also raises the fact that these little twelve year olds are making malicious programs that are completely undetectable.

     

    I myself could make one of these programs in 15 minutes using one of the tutorials provided on the internet.

     

    So what can Microsoft do to prevent these programs from being made? Nothing!

    So no matter what we do on this forum, if someone is asking about key hooks and we don't give them an answer they will just go and join an online community such as Hack Forums or VC tools which are listed in every search engine.

     

    Either way we will still have a plethora of "Hacker wannabe's" or  "Skids" spreading their malicious programs via youtube and upload sites not to mention through P2P Networks such as uTorrent, Limewire etc.

     

    And one last thing is the fact that we have online virus scanners like  http://www.novirusthanks.org/ that allow you to choose whether your sample will be distributed to other Anti Virus Companies. So even if their Virus, Keylogger, RAT etc is detected by NOD32 all the other Anti Virus Distributors won't get a notification telling them about this new malicious program. 

     

    Last of all I would just like to say that no matter what we do the "Hacking Community" still wins. And that is a very sad thing indeed.

     

    Jai Brown

    20 June 2010 Sunday 06:38

  • The difference here is that the API provides these parameters to applications that need them.  Yes, they could be used to do malicious things, but in all likelihood, no, they wouldn't alone be malicious.  Often, the information you cited is used in diagnostic messages when a user has a problem with software.  It might be sent with a bug report.  This can be very useful.

    A recent question about the users' password has no .NET API provided (nor Windows API), and therefore would resort to hacking the OS.  This would clearly be malicious software to try helping.

    --
    Mike
    20 June 2010 Sunday 11:39
  • @Family Tree Mike

    Was that post directed towards me?

     

    If so do you mean the codes I used in my post?

    I know that they aren't malicious codes but they can be used in a keylogger to send the information to the person (Hacker) who sent out the keylogger.

    20 June 2010 Sunday 11:46

  • Yes, I was replying to your post (Jai.Brown). 
     
    The codes you posted could have been in response to 1) a person wanting to send a log of the system characteristics in a debug process, or 2) a person wanting to send over a socket info about a computer in order to push back mods to code.  What I was trying to answer in your question was how to define the line of whether answering a post crosses the line of helping a malicious coder.  It was just my opinion.  The three calls you showed are fairly well documented in MSDN, and in themselves don't lend themselves to malicious code.  The malicious parts would be harder to develop than these three calls, so I would have no question but to provide these as the answer to the question (example) you showed.

    --
    Mike
    20 June 2010 Sunday 12:17
  • Ok Family Tree Mike.

    Thank you for your detailed answer :)

    I hope I can contribute to this community and help to stop any threads that request help with malicious coding.

     

    A nice day to you all and keep vigilant lol.

     

    20 June 2010 Sunday 23:29
  • You know what? People are interested in legislating who and what people answer. I have not and would not help someone violate another's machine.

    But I'd like for the choice to be mine based on what I think at the time.

    Renee

    26 September 2010 Sunday 09:21
  • I had some people that wanted help but then as soon as I asked them the tough questions they stopped responding. If you wait till the last minute sometimes on the hard stuff to give code, it makes the poster work towards it and ensures it's not a script kiddie. I can easily tell if it's a script kiddie or someone just needing some kicks or inexperienced. I will have a good post from the WDK forum where a person doesn't post code or even explain himself better and so they just stop responding and he stops asking. But I stay away from people asking for code that involves kernel operations because usually those are the nefarious people. But as said in this thread before, you can pervert anything, whether simple or not.

    A real life scenario is suppose I have a potato gun and fire potatoes out of it at someone, that's bad right? Well the potato by itself would be eaten and is not dangerous. Most script kiddies wouldn't know what to do with that knowledge even if they saw it. Here's a rephrase of a quote in the WDK forum about knowledge of device drivers (Tim I believe): "Most people that know how to develop device drivers and are certified are few and you don't just walk in and start developing device drivers, kernel level, or C++ components"

    The same in my terms applies for VB.NET: if they're serious about programming in VB.NET then when you talk about a class they will understand about it, but script kiddies or people with malicious intent tend to look for something specific.

    Heck if I was good with the WDK kit I could fake the test signature anti-viruses have to pass to be recognized as an anti-virus by Windows but that's overkill and most people including me wouldn't take that step at all. My last sentence was to prove the above.


    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://jefferycarlsonblog.blogspot.com/




    • Edited by The Thinker, 24 May 2012 Thursday 16:28
    24 May 2012 Thursday 16:16
  • My email announced activity on this thread.

    The intent of the person asking the question is entirely irrelevant.  Determining their intent is a waste of time, and can be frustrating for both sides of the conversation.  What I've felt is most relevant is the potentially hazardous risks involved with leaving potentially malicious code on PUBLIC sites.

    My stated rule of thumb has been to post what is found ... and frequently hard to find for most people ... in the MSDN Library.  That is my starting point, not a hard line drawn in the sand. It is not a law, but a starting point.  I suggest that others find their own starting point.

    Another rule of thumb that I did not adequately discuss on this thread is the practice of DELETING potentially malicious code after it is posted and put to use by the OP.  I would not leave "potent" code snippets lying around for just anyone to browse, and I strongly suggest that others follow suit.  Not all web sites and forums permit you to edit/delete posts, and some for only a limited period of time.

    Happy Coding.

    Rudy   =8^D


    Mark the best replies as answers. "Fooling computers since 1971."

    http://thesharpercoder.blogspot.com/

    23 October 2012 Tuesday 15:12
  • Deleting potentially malicious code after it is posted and put to use by the OP: as the OP puts it to use, so will the really bad one. The latter might be even faster to get it, because they are in that kind of environment; they might be on the lookout for, or even tracking, those they think have such expertise and ability to provide.

    Deleting potentially malicious code after it is posted does not help those seeking it for legit and good use, those who are searching for it after the OP, looking for similar questions, the community as a whole. Due to the nature of the issue, one idea that comes to my mind is to solve the question on a one-on-one basis after you determine that the OP is legit, maybe through email or another secure source (how secure email is these days I have no idea). This way the code is not in the open, out of reach of the bad ones; still the community is open to all to ask and receive support.

    My apologies, I do remember this post is for those professionals in the field. (I am just a beginner, so sorry.)


    Be a good forum member. Make this forum a great place to meet and interact with others around the world.

    23 October 2012 Tuesday 17:28
  • This post is not for professionals.  It is open to anyone who wishes to post an opinion, most especially  beginners.

    "Anyone who thinks they know everything, is ignorant of everything else." - Frank Herbert.

    "Education is an experience that can last for a lifetime." - Unknown.  It's up to the individual.

    Your proposal of communicating via email is not a unique one.  There are plenty of potential benefits, but there could also be some potential dangers.  Exchanging of emails in the MSDN Forums is not something that I believe Microsoft wishes to encourage.  I am almost certain that someone had a link to a web site in their profile, and another web site was used to exchange emails.

    Here's one dangerous scenario associated with trading emails.  It is based upon a true story.  What if the person you begin trading emails with really is creating malicious code?  What if that other person happens to get caught?  What happens when their PCs are confiscated as evidence, and the hard drives are searched?  What happens to you when they see your name in a Contacts list and dozens of emails suggesting that you "collaborated" with the guilty party in creating a software virus?  My friend was arrested, but eventually all charges were dropped.

    That is probably the worst case scenario, but it can and did happen.

    Rudy   =8^D


    Mark the best replies as answers. "Fooling computers since 1971."

    http://thesharpercoder.com/


    23 October 2012 Tuesday 18:55