Mandiant Report on security makes a fool out of experts

What a stupid way to hack, I will never get caught with my pants down, this “real” session is faked, it is so easy to masquerade an IP address to hide a real IP login. Moreover, nobody uses hacker tools to hack, I will use technologies nobody has, unknown protocols and unknown ports where I will even delete the logs of the administrator, it goes just to show how backward Mandiant is.
The easiest way to steal data is the “Man in the Middle” attack as all communications is not encrypted, I can listen in to any session to decrypt any info you sent, why go to the trouble of hacking servers and get caught?
All I need to know is what OS you use, which browser, your IP address(Service Provider) and the websites you frequent, it is so easily to gather these info.
Cyberwarfare, no need, I will win anybody anytime without touching your computer to leave evidence, I am so clever I will not even leave a trace of evidence behind.
I never believe in ethical hacking, so I will never demonstrate anything, I can however explain every single vulnerability in computers and networks, for the sake of ensuring security, as I am now an expert in everything.
Another way is to trick you to download screen capture, monitoring software for your keystoke/mouse, and steal your all your login data from the different sites you visit, there is even a backdoor in windows which is a remote access service which is turned on by default to allow another to login, only Microsoft has the key, but if you know about it you can disable it.
There are exploits in Flash player and Java which you are able to run codes to command and control software on your pc, I use a fully configurable firewall software to block everything, even the makers of antivirus software or apps you run like Skype, QQ or Facebook has access to your desktop, if the administrators want, it is not difficult to compromise your pc.
For browsers it is not difficult to find out which version you use, then I have access to cookies and your temporary files, for IE it is easy to exploit Active X, Firefox to exploit plugins, and Google Chrome to exploit Java and Flash. I can even see which documents you open, and if I have admin access I will access every file on your desktop.
For Google Chrome, the synchronised login for Google platform can be utilised to track and monitor, even Digital Certificates for browsers can be used for this purpose. There is no proper firewall software written for both IPv4 and IPv6.
There is a big problem with cache and swap memory, I can easily modify it to other data and software to use it to attack my target, where there is totally no security.
Even database calls can be compromised if you know the exact structure/version/methods to mess with the information, I may not be a software programmer, but I know enough to mess with any format of database.

– Contributed by Oogle.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s