Really worried since I went to this website

[New2TheMac]

I'm not worried about a virus since there aren't any, I'm worried about being hacked. I had some questions about my router and I was given a link to a place called Securitytube.net. The link specifically is Router Hacking Part 1 (The Basics) Tutorial

The website scares me because it seems to be about hacking. I'm worried that since I went there and watched the video that I could have been hacked. I'm also worried that the firmware or bios on my router could be hacked so that if I do a hard reset of the router any hacking they could have done would still be on there. Can anyone tell me if that website is safe? Could my router bios or firmware have been hacked?

 

[Jamie-Jamie]

Hon, SecurityTube is a site for computer security specialists. Why were you looking into how to hack a router? Should we be worried?

 

[New2TheMac]

NO NO NO, I am not up to anything bad! I wouldn't know a thing about hacking other than it's bad if it crawled up my behind! I'm afraid that my router firmware or bios on the router could have been infected after going there. I went to that website because someone sent me a link after I asked about it being possible for someone to hack my router and redirect where my outgoing traffic (such as when I enter my credit card number) was going.

 

[Jamie-Jamie]

Oh... lol. I sincerely doubt it. Put a really good password on your router and forget about it. There's a really good way to tell if you're paranoid: If you think someone's after you, they aren't.

 

[dtravis7]

Just watching the video there would do nothing. A routers firmware is not that easily hacked as some think. You have to have remote access enabled or few could ever get to the to the point of changing your firmware.

As far as visiting sites like that, I do myself as a learning tool as I am really into networking and security. Good way to learn how to secure a router. People just don't go to sites to learn how to hurt others.

I DOUBT you have a thing to worry about. CWA and other Networking Guru's will probably respond also. I am waiting for their input.

And yes, I learned how to hack WEP to educate others on why they should NEVER USE WEP but WPA or WPA2 if they want to be secure! Knowledge can be a good thing as long as it's not used in a bad or illegal way.

 

[New2TheMac]

CWA's and other opinions are definitely welcome and begged for, but how certain are you that there is nothing to worry about after going to that link?

 

[Jamie-Jamie]

Absolutely. Besides, it's a legitimate security info site. They're there to help keep you safe. Like dtravis7 said, you can learn a lot. I was just messing with you above, I didn't mean it to sound like I was getting on you

 

[cwa107]

You have nothing to worry about. There are no known Javascript exploits for Mac OS X, and this particular website is well-known in the field. I wouldn't sweat it.

 

[IvanLasston]

You have nothing to worry about. There are no known JavaScript exploits for Mac OS X, and this particular website is well-known in the field. I wouldn't sweat it.

It may not be JavaScript but there are vulnerabilities. Again if you are going to an unknown website I'd recommend noscript/cookieblock combo with firefox at the very least.
Pwn2Own MacBook attack: Charlie Miller hacks Safari again | Zero Day | ZDNet.com

And as I said in your other thread - as long as you didn't install any codecs watching videos should be fine.

 

[cwa107]

It may not be JavaScript but there are vulnerabilities. Again if you are going to an unknown website I'd recommend noscript/cookieblock combo with firefox at the very least.
Pwn2Own MacBook attack: Charlie Miller hacks Safari again | Zero Day | ZDNet.com

And as I said in your other thread - as long as you didn't install any codecs watching videos should be fine.

Charlie Miller's latest hack is in PDF (specifically, Preview). There are no known Javascript vulnerabilities at the moment (at least none that have been reported) and this site is using Javascript to launch the video window.

 

[osxx]

Unless things have changed isn't WPA2 the most secure and has not been hacked.

 

[cwa107]

Unless things have changed isn't WPA2 the most secure and has not been hacked.

Yes, WPA2/AES is the most secure wireless encryption standard to date.

The OP is concerned about a website-based exploit, which is unrelated (i.e. WPA2 would protect your wireless network from nearby interlopers, but it's your firewall and browser security that protects a session between you an a web server).

 

[dtravis7]

Yes, WPA2/AES is the most secure wireless encryption standard to date.

I think the WPA2 remark was because of what I said about going to sites and learning to how to hack WEP to show people how unsafe WEP is. I mentioned WPA and WPA2.

Yes WPA2 is the most secure but WPA is not that much less so.

Charlie Miller really bugs me BTW. I hope people realize he does not just walk in there off the street and in 10 seconds hack OSX or whatever. He works for months to figure out his hack before that contest.

One of the so called OSX Hacks back a few contests ago where they went RIGHT INTO a Mac Mini, well a few important points were left out and came out later. The Mini was WIDE OPEN. Also the hacker knew the username and password. That is like me giving you the keys to my house and you bragging you broke in and stole my stuff. Another person put up a Mac Mini online set up properly and people tried for 24 hours and could not get in.

 

[IvanLasston]

Charlie Miller's latest hack is in PDF (specifically, Preview). There are no known Javascript vulnerabilities at the moment (at least none that have been reported) and this site is using Javascript to launch the video window.

That is good info. If you read my post I agreed with you - as I said it may not be JavaScript but there are vulnerabilities. For example, if you can turn off the Mac you can get in, but that is true of every OS, even linux.

After hanging out in this forum for a while I think people play down security a little too much. There are a myriad of security threats out there that have nothing to do with viruses - keylogging, phishing, social engineering, man in the middle attacks, bad installs are all other ways to get hacked on a Mac as most of these attacks have nothing to do with what OS you are running (other than bad installs)

New Apple Trojan Means Mac Hunting Season Is Open
Note on this forum someone may have gotten this trojan - but again this was a combination of social engineering (dude said he had is password written nearby his computer) and a trojan - I am just advocating caution even with a Mac. It is also why I asked to OP if he was asked to install a codec.

The usual keys of having everything up to date, having strong passwords, paying attention to certificates and ssl, all should keep you safe - but I don't see that reiterated very often - just the usual rote quote of there are no viruses for Mac.

 

[dtravis7]

I don't think you know the main members here that well if you feel we don't take security seriously. I take it very seriously both on Linux, Windows and OSX. I have never once been hacked on Linux or OSX though even when I deliberately took out those precautions and was very careless, BUT at the same time I never would suggest to anyone they do what I did. I even downloaded that so called Trojan and installed it on a spare Mac. Saw it work redirecting DNS, and removed it in 15 seconds in the terminal. No registry to fight with for hours made it easy to get rid of.

Having things up to date and good passwords and everything else you said is true no matter what OS or computer you are running.

But as a Windows computer tech I see almost daily systems that are totally messed up and I know their users and they have taken most of those precautions and still got hit. Funny though my personal XP, Vista and W7 systems never seem to get hit.

Also on that whole Codec thing, if anyone goes to a site they don't know and especially a porn site, downloads a Codec and gives the installer the admin password, they almost deserve what they end up with! Sorry if that sounds mean, but wow.

That whole Wired article to me (I have seen it many times before) is FUD to me. Sure be careful but so far with OSX there is no reason to cower in a corner and be afraid to even use your computer on the net!

 

[IvanLasston]

No I don't know the members well - I am new here and I'm not trying to pick a fight. It is just the last few security questions all seem to revolve around viruses and how there are none. 2 recent threads stick out to me
http://www.mac-forums.com/forums/sw...eformat-without-anything-being-left-over.html
http://www.mac-forums.com/forums/switcher-hangout/195775-email-virus.html
Where members dismiss viruses out of hand but the issues in the thread seem to be a social engineering issue.
So I apologize I may have rushed to judgment but all I saw in those threads from others is "there are no viruses, you're probably OK" which is what led to my original tirade.

 

[dtravis7]

No I don't know the members well - I am new here and I'm not trying to pick a fight. It is just the last few security questions all seem to revolve around viruses and how there are none. 2 recent threads stick out to me
http://www.mac-forums.com/forums/sw...eformat-without-anything-being-left-over.html
http://www.mac-forums.com/forums/switcher-hangout/195775-email-virus.html
Where members dismiss viruses out of hand but the issues in the thread seem to be a social engineering issue.
So I apologize I may have rushed to judgment but all I saw in those threads from others is "there are no viruses, you're probably OK" which is what led to my original tirade.

BTW, not trying to be mean to you either. Just giving you a little input on the way some of the networking people here at Mac Forums feel about security.

I agree with your point completely! I also agree on that first URL you pointed to. I thought I had posted in that thread but guess it was a different one.

 

[sau124]

Most newer routers have built in firewalls to resist hackers (small scale ones, they are pretty easy to hack with some advance tools) and as long you don't have any ports open (and considering your thread I am assuming you are not very savvy with the routers) you should be OK whatever site you visit in terms of hacking. Also, hackers are not interested in individuals and their primary targets are big companies/corporations so that they can boast about it on their profile...