I’m seeing strange names in my list of docker containers, is someone having fun at docker or is that from hackers?

I’m trying to run a docker and it fails for various reasons. As I check my list of dockers (docker ps -a), I see those names:

pedantic_gauss recursing_feynman adoring_brattain suspicious_tesla gallant_gates competent_gates elated_davinci ecstatic_mahavira focused_mirzakhani 

I use docker-compose and I’m sure we do not have such names in our setup files. Is that just something docker people thought would be fun to do?! I searched on some of those names and could not really find anything useful, although it looks like these appear on many sites, somewhat sporadically.
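
Names of the form adjective_surname are what Docker itself assigns to any container started without an explicit `--name`. The following is an added example, not part of the original post: it sorts `docker ps -a --format '{{json .}}'` output into compose-managed, auto-named and explicitly named containers, so the image and creation time of each unexpected entry can be reviewed. The sample rows, image names and the `classify` helper are constructed for illustration.

```python
import json
import re

# Docker's default names are "<adjective>_<surname>", with an optional trailing
# digit when the first pick collided with an existing container name.
AUTO_NAME = re.compile(r"^[a-z]+_[a-z]+\d?$")
# Label that docker-compose sets on every container it creates.
COMPOSE_LABEL = "com.docker.compose.project"

# Constructed sample of `docker ps -a --format '{{json .}}'` (one JSON object per line).
SAMPLE = """
{"Names":"pedantic_gauss","Image":"shop_web","CreatedAt":"2024-03-02 10:15:04 +0000 UTC","Labels":""}
{"Names":"shop_web_1","Image":"shop_web","CreatedAt":"2024-03-01 09:00:11 +0000 UTC","Labels":"com.docker.compose.project=shop,com.docker.compose.service=web"}
{"Names":"suspicious_tesla","Image":"alpine:3.19","CreatedAt":"2024-03-02 10:20:40 +0000 UTC","Labels":"maintainer=ops"}
{"Names":"backup-runner","Image":"alpine:3.19","CreatedAt":"2024-02-20 02:00:00 +0000 UTC","Labels":""}
"""

def parse_labels(raw):
    """Split docker's 'k=v,k2=v2' label string into a dict.
    Label values that themselves contain commas are not handled here."""
    labels = {}
    for item in filter(None, raw.split(",")):
        key, _, value = item.partition("=")
        labels[key] = value
    return labels

def classify(ps_json_lines):
    """Return (name, origin, image, created) for every container row."""
    report = []
    for line in ps_json_lines.splitlines():
        if not line.strip():
            continue
        c = json.loads(line)
        labels = parse_labels(c.get("Labels", ""))
        if COMPOSE_LABEL in labels:
            origin = "compose:" + labels[COMPOSE_LABEL]
        elif AUTO_NAME.match(c["Names"]):
            origin = "auto-named"   # started without --name
        else:
            origin = "named"        # someone chose this name explicitly
        report.append((c["Names"], origin, c["Image"], c["CreatedAt"]))
    return report

if __name__ == "__main__":
    for name, origin, image, created in classify(SAMPLE):
        print(f"{name:20} {origin:14} {image:12} {created}")
```

An auto-named container whose image or creation time nobody on the team recognises is the one worth following up with `docker inspect`.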

What do people mean when they talk about “hackers gaining access to our network” (at home)?

Have I fundamentally missed something between the time when I sat with my 486 IBM PC in the house, fully offline, and today? Do normal people actually set up complex local networks in their homes where they have some kind of “trust anyone with an internal IP address” security scheme going on?

What exactly do they mean by this? I get the feeling that either I am extremely ignorant and somehow have not understood basic concepts of networking in spite of dealing with this (and hating it) for 25 years, or they have no idea what they are talking about and have learned everything they know about computers from Hollywood blockbuster movies and crappy TV series…

What does “gaining access” to a home network mean? Is that, like, exploiting the NAT router (if such a thing is used, which has not always been the case for me)? Even if they exploit the router, that doesn’t magically give them any “access” to the “network” (meaning PCs connected to the router)? At best, they can maybe read plaintext traffic, but how much such is there these days? I shall hope 0% of all traffic.

And again, for a long time, I didn’t even have any device “in between” the ISP and my single PC. It was a very “stupid” cable modem or ADSL modem which had no control panel or any NAT features etc. Right now, I’m using a Mikrotik NAT router which I update maybe once a year at best, because it has the most user-hostile, idiotic mechanism for enabling “auto updates”, which you’d think would be not only dead-simple, but enabled by default. Nope. You have to follow their cryptic news and decide when to manually SSH into it (or use the extremely confusing and messy web interface) to apply updates. I guarantee that 99.99% of all people (including “geeks”) have no idea that they even need to do this, let alone actually bother to.

So what do people mean when they talk about “gaining access”? No updated version of Windows has ever just allowed somebody to randomly connect remotely to “gain access”, regardless of the presence/absence of a router/switch/whatever in between. Or, if it has, that’s some kind of “0-day” exploit or unknown-to-the-public exploit. The so-called “hackers” that people talk about more than likely never “gain access” like that at all; I bet it’s 100% social engineering and tricking them into running coolgame.exe as sent to them in an e-mail attachment and things like that.

Since apparently I always sound rude, I should point out that my intention with this question is to understand people and the world, and not an attempt to somehow sound “superior”. I’m genuinely wondering about this since not a day goes by without me feeling extremely paranoid about security and privacy, especially knowing how incredibly naive and stupid I used to be, and how naive and stupid people in general seem to perpetually be about these things.

Where is the line drawn for ethical hackers using stolen credentials in their paid services?

The very interesting question I have is: when “ethical” hackers/pen testers harvest these repositories of stolen credentials to then use them in pen testing for paying clients, what ethical boundaries are broken? What laws are broken? If a lazy hacker leaves their captured credentials out on an insecure, public-facing server and then an “ethical” hacker grabs them for their own paid services, it seems to me that it’s stealing already stolen goods.

What about a penetration tester taking credentials gathered from a paid/contracted job and adding them to a database to be used in future client jobs?

Best Security measures for non-IT pro to take when at risk of hackers?

Could y’all give me some advice or links to some really high level tutorials on the subject already out there?

I work at a WeWork and am surrounded by about 5 different IT / coding type of companies. They apparently hacked me somehow, I don’t know how, whether it was bluetooth or using WeWork wifi, or maybe the screen sharing app used to control monitors WeWork uses or the Papercut print client.. somehow they were on my PC, as if they were controlling it (like a screensharing remote access app). They apparently thought it was funny, messing with stupid stuff like my volume settings, moving files on my desktop, writing in a Word document. However, I’m not playing… I want everything on lock but I’m no pro.

What steps would an IT pro do if they were in a shared office environment to put their PC on lock?

Things I did:

  • Changed all my passwords to strong passwords, and am keeping different passwords for my important points of entry. Ex. different passwords for home router, Microsoft 365, Google, etc.

  • Started connecting to network by ethernet cable. Leaving Wifi and bluetooth turned off.

  • Connect to VPN.

  • Started using Norton 360, I believe Windows Defender still runs too.

What else should I do?

  • fresh install of Windows?
  • Get an encrypted router to connect to Wework ethernet?
  • switch to Mac?
  • stop letting Google Chrome store passwords? I mean.. if they can access my PC and see the screen all they have to do is go into Chrome settings they can expose all my passwords immediately..

What steps would you recommend? I have a surface pro (5th gen) running windows 10 Pro.

The original hacking occurred almost 2 months ago at which time I did the ‘things I did’.. and believed I kicked them off? I’m not so sure, I’ve been using the ethernet cable & vpn for about 2 months with no issues. Just the other day I started having this problem, when I would come into the office and plug in and start-up, it would not connect to the network automatically. I couldn’t figure it out, I checked my ethernet connections they seemed good. I went into network adapters, disabled/enabled and internet works perfect. Have had to do this 2 days in a row now every time I boot up. I have a friend in IT I was telling about this yesterday she said it sounds like they are still on my PC or they are ‘snooping’ and that’s why I have to disable/enable my router, she says I’m ‘kicking them off’ most likely. Can anyone comment on this?

How do Hackers use RATs without their server/IP being revealed?

When hackers put trojan horses on someone’s PC, those programs (which are, by definition, just stealthy RATs with some… extra features) need to communicate with them somehow. A direct peer-to-peer connection to their own PC is obviously impossible due to NATs being installed in pretty much any modern network. Even if they used port forwarding or more obscure techniques like UDP hole punching, their IP address would instantly be revealed to anyone investigating the attacked PC. So, to my understanding, they’d need to use some kind of server. Is there a way for them to anonymously purchase servers so that they can’t be traced back? Or can they use proxies/VPNs on the victim’s PC + port forwarding in their own network to not only hide their target’s IP to the ISP but also their own IP to anyone investigating their victim’s PC? This surely must be impossible since the IP has to be stored somewhere within the binary, right?

Why are we still attempting to smart off hackers?

Isn’t it better to “open” our doors, ajar, leaving a bit of honey behind the door, instead of trying to close what makes it more interesting for the hacker to keep on the operation?

Maybe using a trap behind the open door?

To give a real-world example, leaving the key under the house’s door mat, you make the key available to the intruder and so you try to hide it, it will help to leave the house open and “faking the infrastructure”.