Slashdot Mirror


Network Hacking

Wrighter the Pessimist writes: "In this article on Yahoo, they report that computer hacking has become easier, partially because of devices that have built-in computers, like printers and playstations. However, it also lists a number of 'ordinary' (obsolete?) methods of 'hacking' - such as gaining physical access to a corporate computer, and social engineering. It would be interesting to see a study done on this, to see how many attacks are actually carried out from such devices." The article touches on the Dreamcast Attack mentioned the other day, but also some slightly less bulky approaches. Be on the lookout for dark-clad intruders slipping CD-Rs into machines at your workplace ...

175 comments

  1. 175. by Anonymous Coward · · Score: 0

    The number of outraged responses saying it is cracking, not hacking.

  2. Obsolete? by BurritoWarrior · · Score: 5, Informative

    The day social engineering is obsolete is the day there are no more humans and computers rule the world.

    As long as there are people, social engineering will work wonderfully.

    1. Re:Obsolete? by Cyno01 · · Score: 2, Insightful

      You can't social engineer a voice mail system; to truly social engineer you have to get a live person, which is becoming harder and harder to do over the fone these days.

      --
      "Sic Semper Tyrannosaurus Rex."
    2. Re:Obsolete? by liquidflare · · Score: 1

      That's not completely true, people know a lot more about computers now than they did in the early 90s. Social engineering isn't as easy as it used to be, and may in some instances be impossible.

    3. Re:Obsolete? by Anonymous Coward · · Score: 0

      From my understanding of things, social engineering generally refers to 'Hi, your usual electrician couldn't make it in today, so I'm here instead. Would you please let me into your computer closet so that I can fix the problem that (firm partner's name from company webpage) called us about?'

    4. Re:Obsolete? by Anonymous Coward · · Score: 0

      Either that, or an e-mail sent out asking for people to send you their passwords, or "Oh, I'm new here, you can let me in this once, right?". That sort of thing.

    5. Re:Obsolete? by Anonymous Coward · · Score: 0

      It would be nice if corporations trained their people to recognize social engineering attempts, but they don't. Social engineering always works - it is a matter of playing the right role to the right person. You don't call someone and ask for their password, you have to come up with an identity and a scenario that they will believe.

      Given a little research of your target, an "I don't know, I just work here" attitude, and a friendly demeanor, you would be surprised how far you can get.

    6. Re:Obsolete? by IHateEverybody · · Score: 2


      The day social engineering is obsolete is the day there are no more humans and computers rule the world.

      This is true. A lot of the most successful modern worms and virii are based largely on a social engineering concept -- trying to get people to do something that will compromise their machine. Love Bug, Klez, Sircam all rely on trying to trick people into clicking on an attachment to launch their payload. They masquerade as legitimate e-mail from people you know and hope you're dumb enough to fall for their tricks. That sounds like a form of social engineering to me.

      --
      Does this .sig make my butt look big?
    7. Re:Obsolete? by Anonymous Coward · · Score: 0

      Thanks for saying this so the rest of us with half a brain didn't have to.

    8. Re:Obsolete? by Anonymous Coward · · Score: 0

      Thanks for representing everyone with half a brain.

  3. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  4. Stealing Secrets 101 by MosesJones · · Score: 5, Insightful


    If doing this for a living rather than being a sad muppet who thinks it's "cool" (Snowboarding is cool, Skydiving is cool, hacking IIS is not cool).

    1) Buy people, rival firm has a product you need to sabotage... well hire their best brains so it turns out shit... and you get the product as well.

    2) Have a clipboard, 99% of companies and people in those companies will not query a suit with a clipboard. This gives you the ability to walk into any areas saying you are doing a "Time and motion" study for the new Quality Initiative. Or do an "assets" audit and take away servers for "verification" that aren't on the "official register".

    3) Buy the people

    4) Have someone join as a graduate, or even as a more senior person. Sure it violates their contract, but just pay them the cash.

    5) Supply the network upgrade at low low prices via a subsidiary, then ensure they can be "remotely administered as part of the outsourcing and support deal".

    6) Buy the people

    7) Walk into PC support, ask for a backup of your server from date X put onto new server Y. Or even better just get the required files burnt onto CD. Sure you have to fake the paper work, but that isn't hard.

    All of these will be more effective than hiring script kiddies.

    WARNING: Do not try the above at a military base, unless you want to get shot, corporations will normally just have you prosecuted.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  5. And therefore... by SlashdotTroll · · Score: 0

    I am a cracker because a hacker is defined in US and Federal laws to not be allowed around a computer.

    I am a cracker because a hacker would be thrown in jail for modifying an XBox to have split-screen, dual game-playing processes at the same time, while a hacker would've been thrown in jail immediately for such an offense.

    I am a cracker because a hacker is who made the software insecure in the first place.

    I am a cracker...ok just pass the grey poupon...ney nice insecure port 21 on slashdot.org, exploited...

    --

    I am the nightmare of nightmares.

    1. Re:And therefore... by FROGGYJ · · Score: 1

      bahaha I would actually laugh my ass off if you even tried to so called "crack" into slashdot.org a)it's just dumb b)a waste of your time c)piss off a lot of ppl who well let's just say would devote their time to making your life miserable so please don't post dumb stuff like that, we all love slashdot :)

    2. Re:And therefore... by Monokeros · · Score: 1

      Dude, it wouldn't be the first time.

      --
      The Statue of Liberty is America's lawn jockey.
  6. what!!? by Anonymous Coward · · Score: 2, Funny

    my PLAYSTATION has a built-in COMPUTER?

    holy SHIT!

    im taking it back to the shop before a fucking TERRORIST hacks into it

    1. Re:what!!? by Thoron · · Score: 1

      I believe terrorists would rather crack that box than hack it.

    2. Re:what!!? by Anonymous Coward · · Score: 0

      Eric Raymond sucks ass and so do anal idiots who are constantly trying to make distinctions between the words hacker and cracker!

    3. Re:what!!? by Anonymous Coward · · Score: 0

      20 years ago my girlfriend, the math major, dropped her calculator and it split open. As she was picking it up she noticed, "Hey! There are chips in there!"

  7. Linksys Vulnerabilities? by Anonymous Coward · · Score: 1, Interesting


    Serious question [I thought about submitting to Ask Slashdot, but this thread should be just as good]: We've been using a LOT of Linksys devices (NAT routers, wireless access points, etc.). Does anyone have any info [preferably with URLs] about Linksys security vulnerabilities? Thanks.

    1. Re:Linksys Vulnerabilities? by Anonymous Coward · · Score: 1, Funny

      Wow. I use a lot of Linksys devices. Want to give me your IP addy and a list of security vulnerabilities so I can see if I have any of them? :)

    2. Re:Linksys Vulnerabilities? by elixx · · Score: 1

      Remember to change your default configuration. :D

      --
      No, Beowulf clusters can't imagine in Soviet Russia.
  8. The article's a bit late by bsharitt · · Score: 5, Funny

    I wish I would have known you could have used a Dreamcast, CD, or iPAQ to get access to a network. They caught me when I tried to sneak my mainframe in.

    1. Re:The article's a bit late by Anonymous Coward · · Score: 0

      You also forgot to wear a black eye mask like a true burglar does.

      -- MMMMMMMMMMMMMMMMMMMM

  9. Changing passwords often by Anonymous Coward · · Score: 1, Insightful

    My place of work is so secure it changes ALL the passwords almost every 3 days. And just as you would expect, 1 in every 2 or 3 workstations has every single user/pass combo on a Post-It(tm) stuck right to the monitor.

    1. Re:Changing passwords often by FROGGYJ · · Score: 1

      haha gotta love the admin there, geez do they really think in such a way, kinda clueless I suppose. A little social engineering wouldn't be too hard to get a password in this case now would it. But don't worry most workplaces are a joke as far as password security goes.

    2. Re:Changing passwords often by Anonymous Coward · · Score: 0

      My father works in the optics division of Furukawa, formerly the fibre optics division of Lucent. The passwords are changed every 40 seconds I believe it is, each employee with access to the network is given a little electronic dog tag, this dog tag is sent that employee's new password every time it's been randomly generated, it's a string of maybe 9 numbers. This seems incredibly secure if you ask me, screw you three times a day password changers!

  10. Printer trojans by Restil · · Score: 5, Interesting

    At first I took the notion with apprehension. But then I recalled, there was a time when we told people "You can't get a virus in a document file", "You can't get a virus from your email message". But even back in the day, you could cause extensive damage to your DOS machine just by typing a text file with malicious ANSI codes. Microsoft and others who have opted for the "feature rich" approach to dynamic documents have created more security problems than conveniences.

    PostScript is a pretty powerful programming language, and most printers today have it embedded. While I don't think it has TCP/IP capability yet, it wouldn't surprise me if someone doesn't find a stupid reason to implement that feature into the printer language, or even something that allows more low level control of the printer hardware could be used to gain access to the network. Remember people, it doesn't have to be easy. Virus/Trojan writers pride themselves on invading the bold new frontier. Don't get complacent.

    As more appliances get network connectivity and more flexible embedded processors and operating systems, they'll all be subject to the same concerns. I'm already addressing some of these issues with my simple home automation projects. The computer I use to control things is isolated from the rest of the network other than the single open port for commands. Despite the security I might have implemented on my network, I can't assume that the network is always safe. And while right now I only have lamps and sprinklers on this system, when more complex (and potentially dangerous) appliances get added, a compromised system becomes a serious liability.

    -Restil

    --
    Play with my webcams and lights here
    1. Re:Printer trojans by Scooter · · Score: 1

      I see your point - and just to add some other examples - most larger printers have some form of web server in them too, plus telnet and ftp in the case of a Xerox DC for example. I've not done any digging on what's actually running in those things, but I'd be willing to bet it's a general purpose OS and that there are other capabilities lurking in there..

    2. Re:Printer trojans by CoolVibe · · Score: 2
      But even back in the day, you could cause extensive damage to your dos machine just by typing a text file with malicious ansi codes.

      for those that can't remember the venerable ANSI.SYS: you could remap keys to do something completely different. i.e. map the enter key to do 'echo y | deltree c:\*.*', or the obvious format c: equivalent.

      I used ANSI.SYS for my ueber kewl customized prompts of course :)
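
For anyone who still has to triage DOS-era text files or terminal captures, the key reassignment described in the comment above can be detected and stripped before the file is ever displayed. This is an added example, not part of the original comment; the function names and the sample bytes are constructed for illustration, and the parser assumes the documented ANSI.SYS form `ESC[key;string;...p`, treating a quoted first parameter as a single-character key.

```python
import re

# One CSI sequence as ANSI.SYS reads it: ESC [ parameters final-letter.
# Parameters are decimal numbers or quoted strings separated by ';'.
CSI = re.compile(rb'\x1b\[((?:"[^"]*"|\'[^\']*\'|[0-9;=?])*)([A-Za-z])')
TOKEN = re.compile(rb'"[^"]*"|\'[^\']*\'|\d+')


def _decode(tokens):
    """Turn parameter tokens into the bytes ANSI.SYS would type for them."""
    out = bytearray()
    for tok in tokens:
        if tok[:1] in (b'"', b"'"):
            out += tok[1:-1]            # quoted string: taken literally
        else:
            out.append(int(tok) & 0xFF)  # number: one character code
    return bytes(out)


def find_key_remaps(data: bytes):
    """Return one finding per keyboard reassignment (final byte 'p')."""
    findings = []
    for m in CSI.finditer(data):
        if m.group(2) != b"p":
            continue                     # colours, cursor moves, etc.
        tokens = TOKEN.findall(m.group(1))
        # Extended keys (function keys and the like) are written 0;nn.
        if len(tokens) >= 2 and tokens[0] == b"0" and tokens[1].isdigit():
            key = "extended 0;%d" % int(tokens[1])
            rest = tokens[2:]
        else:
            key = "char %r" % _decode(tokens[:1])[:1].decode("latin-1")
            rest = tokens[1:]
        if not rest:
            continue                     # no replacement text, nothing remapped
        replacement = _decode(rest)
        findings.append({
            "offset": m.start(),
            "key": key,
            "replacement": replacement,
            # A carriage return in the replacement means the text is
            # submitted at the prompt as soon as the key is pressed.
            "submits_command": b"\r" in replacement,
        })
    return findings


def strip_key_remaps(data: bytes) -> bytes:
    """Remove reassignment sequences, leave every other escape intact."""
    return CSI.sub(lambda m: b"" if m.group(2) == b"p" else m.group(0), data)


# Constructed sample: a coloured heading plus two harmless reassignments.
SAMPLE = (
    b'\x1b[1;33mREADME\x1b[0m\r\n'
    b'\x1b[0;59;"echo remapped";13p'
    b'Press F1 for help\r\n'
    b'\x1b["q";"echo also remapped"p'
)

if __name__ == "__main__":
    for f in find_key_remaps(SAMPLE):
        print(f)
    print(strip_key_remaps(SAMPLE))
```

Findings with `submits_command` set are the ones that matter most, since the remapped key both types and runs its text.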

    3. Re:Printer trojans by bugg · · Score: 1

      I don't see how creating a new filesystem is equivalent to deleting all of the files in it. They're really not the same.

      --
      -bugg
    4. Re:Printer trojans by BitHive · · Score: 1

      Come to think of it, would it be that hard to gut a laser printer and stick a PC inside? Printers use the same power/network connections. That would be a little less obvious than a dreamcast. Heck, as long as we're talking about sneaking devices onto a LAN to get remote access, why not plug in a small WAP then do your intrusion from outside the building? This might be particularly effective if the office in question does not use a WAN--they wouldn't even be looking for the signals.

    5. Re:Printer trojans by Anonymous Coward · · Score: 0

      I don't think he meant they were equivalent in action, just disruptive in general.. He meant the format would be an alternative to deleting the files, not equal to.

    6. Re:Printer trojans by Anonymous Coward · · Score: 0

      a stupid reason to implement that feature into the printer language

      u answered your own question - it's a feature ...

    7. Re:Printer trojans by ayf6 · · Score: 1

      While PostScript is powerful, Adobe is trying to kill it in favor of OpenType. This isn't supposed to happen "soon", but I wouldn't expect them to be pushing PostScript as much as they have. And since they are one of the leaders in the typography field, I would expect that other companies would follow suit and stop modifying PostScript as heavily. Just my two cents.

  11. Security History 101 by xxxJonBoyxxx · · Score: 1

    ...hmmm...based on my experience I'd have to say network hacking reached its "easiest" level right after the year 2000 turned over. There were just so many holes in the software, so many packages to choose from, so many unprotected systems, etc. As people have gained wisdom (still without the +1 modifier) about security, I'd have to say systems have been getting steadily harder to hack. (This will probably change if .NET gets widely accepted however.) Of course, this article relies heavily on physical security risks, but I think orgs have greatly tightened these up too since 9/11.

  12. Dark-clad intruders? by CoolVibe · · Score: 4, Funny
    Be on the lookout for dark-clad intruders slipping CD-Rs into machines at your workplace ...

    You mean outsourced sysadmins? Yeah them's a nasty lot.

    ;-)

  13. Related article, also on Yahoo! by Mr.+Sketch · · Score: 3, Interesting

    There's another related article on Yahoo! that mentions that it's okay to hack back.

  14. Dark clothes by Anonymous Coward · · Score: 3, Funny

    Yeah it sucks. Every time I want to jaywalk or speed a little in the car, I have to put on my robber mask and black cape.

    Who started this crap anyway? All bad guys must wear stereotypical clothing?

    1. Re:Dark clothes by Anonymous+DWord · · Score: 2

      Good point though. Live social engineering is so much easier if you're wearing a suit. People really are affected if you dress the part. What's even better (if you're looking to get into restricted elevators, say), is wear a tux, and look frantically around for the "wedding" you're missing. Somebody with a key will be glad to help you out.

      --
      "If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
    2. Re:Dark clothes by snake_dad · · Score: 2

      Showing up at a wedding with a penguin on my shoulder? Of course they will help me out. Using ironclad boots, probably.

      --
      karma capped .sig seeking available Slashdot poster for long-term relationship.
  15. Other avenues of attack . . . by SimplyCosmic · · Score: 3, Interesting

    Why even bother with physical access? The number of people here at work who screw their machines up due to email viruses received through checking their Hotmail, Yahoo and AOL webmail accounts at work is frightening.

    Those viruses and trojans slip neatly by all the elaborate MS Exchange server based virus scanners we have.

    And since this is a non-technology sector corporation, they try to cut costs wherever they can, which means McAfee virus scan on the local computers, which has caused so many conflicts between the latest virus definitions and programs like Microsoft Word that most end users tend to turn automatic virus checking off without permission.

    In the end, social engineering will never be "obsolete".

    1. Re:Other avenues of attack . . . by jaavaaguru · · Score: 1

      Yet another reason why people should be given real computers with proper e-mail software and web browsers. I highly doubt anyone is going to cause any such problems on the Sun Blade workstation on my desk at work with KMail and Konqueror. And before someone complains about it not being "standard" or not being "easy to use" by normal office people: Star Office and KDE.

    2. Re:Other avenues of attack . . . by B3ryllium · · Score: 0, Offtopic
      Linux : Windows :: Manual : Automatic Transmission
      Linux : Windows :: Kit Car : Ford Focus

      (And when I say Kit Car, I'm not referring to Knight Rider. I mean, a build-it-yourself car.)
    3. Re:Other avenues of attack . . . by idontneedanickname · · Score: 1

      "Why even bother with physical access? "

      How true. It need not even be hotmail or some such. Just send in something that looks like a resumé that does the job.

    4. Re:Other avenues of attack . . . by BurritoWarrior · · Score: 2

      Block webmail sites at your firewall. This can be tedious to do manually, as there are many (and more each day), so try a product like Websense which allows you to block them and get updated "signatures" from the vendor to keep them blocked.

      No, I don't work for them. Yes, we are a customer.

    5. Re:Other avenues of attack . . . by SimplyCosmic · · Score: 2

      Oh, we have tried blocking Hotmail, Yahoo and AOL webmail.

      It only took about two hours after the block for Human Resources to give us a frantic call to unblock those sites.

      As I mentioned, my company is a non-tech sector based company, so the IT department is seen as an unwanted, but necessary evil. And of course, all but two of the higher level executives complained on end about not being able to check their AOL accounts at work.

      And that's another area of attack. The number of executives who put a copy of AOL on their corporate laptops to access personal AOL accounts from home and on the road is insane. And then there's the small remote properties which have access to our network through Citrix, who invariably have a copy of AOL running, often with more spywared software than I care to think about.

      It all comes back to the simple fact that human nature and social engineering are the weakest links.

    6. Re:Other avenues of attack . . . by fuzzybunny · · Score: 1


      While this will stop the 99% of people harmlessly using webmail, it will not touch the 1% who're technically clued and determined to get around it, be it to just read their mail, or to do malicious damage.

      I have admin'ed several websense boxes (as well as multiple other proxies.) I am a network/security consultant, and the first point I make to any of my customers who want to use an internet control mechanism (i.e. filtering proxy) is that anyone sufficiently determined will get around it--don't try to solve non-technical problems with technology.

      In short, websense makes managers feel good, but it does not work. It doesn't work for SSH port forwarders, it'll work even less once distributed proxy avoidance toys like Triangle Boy gain widespread use, and it'll completely break down once .NET and friends get spinning (read the part where proxy avoidance is explicitly mentioned in .NET docs.)

      At this point, I should probably mention that almost all filtering software works very similarly, that is, it draws from combinations of blacklists meticulously compiled by cat-eyed librarian types trolling for smut, keyword lists, file extensions and content signatures (breaks down with encrypted files, unless you just want to block everything you don't recognize) and sometimes some sort of gimcrackery involving content pattern matching (such as the company claiming to be able to detect porn pictures from the amount of flesh.) The latter rarely work correctly.

      That said, you're just as well off using something free, like DansGuardian or SquidGuard with one of the myriad of free filter lists they link to--assuming you can give your management the same feelgood effect from something free or cheap that they'd normally get from forking out $30k upwards to a company like WebSense.

      By the way, did I mention that there is no IDS product which can consistently and reliably detect HTTPS-tunneled SSH traffic based on packet (or even stream) signatures?

      In short, your idea for blocking webmail sites works, as long as your only goal is to prevent the casual user from getting at viruses and other Bad Things (tm) by means other than the corporate sanctioned means, like your local Exchange server. Good Luck! :-)

      --
      Cole's Law: Thinly sliced cabbage
    7. Re:Other avenues of attack . . . by hplasm · · Score: 1
      Linux : Windows :: Kit Car : Ford Focus

      Linux : Windows :: Ford Focus : Ford Edsel

      --
      ...and he grinned, like a fox eating shit out of a wire brush.
    8. Re:Other avenues of attack . . . by bigchris · · Score: 1

      Basically McAfee sucks. We have it at work on our Win9x clients and it runs like a dog! and you can turn it off in about 5 seconds.

      It's better on Windows 2000... luckily cause I'm not sure how to turn it off on a Win2K machine!!!!

  16. hard access? Hmm... by dacarr · · Score: 1

    Just think, all those computers on the corporate networks out there, and I without an install CD for the setiathome client.

    --
    This sig no verb.
  17. Social Hacking by Hott+of+the+World · · Score: 1

    Me and about ten close college buddies are thinking about hacking thermostats with wireless connectivity and connecting them directly into target servers. The hard part is sneaking them into the server rooms without getting noticed. I figure a problem with the printer or air-conditioning would be easy enough to cause, but it's risky.
    Any Ideas?

    --
    | - | - |
    1. Re:Social Hacking by Anonymous Coward · · Score: 0

      I suggest you gain some social skills first. A good start is to go outside and meet "normal" people, or dating girls. Hope this helps!

      -- MMMMMMMMMMMMMMMMMMMM

    2. Re:Social Hacking by Com2Kid · · Score: 1


      I suggest you gain some social skills first. A good start is to go outside and meet "normal" people, or dating girls. Hope this helps!


      Then he would not blend into the server room, duh.

      Just another Nerd, not out of place, but a normal person in a server room? Woooh now, hoooold on!

    3. Re:Social Hacking by Anonymous Coward · · Score: 0

      Pot: Hey, Kettle!
      Kettle: What, POT?
      Pot: YOU'RE BLACK!
      Kettle: Thanks POT! :)

  18. Re:news? by Kierthos · · Score: 2, Troll

    Um, no. Hacking is not a crime. Cracking is a crime. The term 'hacking' has been misused by government "experts", reporters who can't learn the difference, and idiots since damn near the dawn of the age of the Internet. I put you in the last category.

    Kierthos

    --
    Mr. Hu is not a ninja.
  19. Gee, hacking is dangerous by epseps · · Score: 1, Troll

    Better give security guys more cash.

    All these "what if" scenarios and "theoretical" hacks, and very little in the way of real world demonstration.

    Now Printers are vulnerable....but I didn't see or read about any demonstrations that showed how to determine what printer was on a network, how to get into that network and how to "own" a printer, and what could be done after the printer was compromised. Did anyone do an nmap -sS -O on an IP of a Lexmark 1200 to see what processor and OS came up?....doubtful. Anyone demonstrate how to connect and get a banner and prompt with netcat? (if they did, what would they do, print with only magenta or screw around with the queue?)

    I'd worry more about the fact that they got on the network in the first place than the fact that they could take over the printer.

    And the CDROM attack...A Hacker could mail a CDROM and get it to install on a PC because some luser is curious? Yah, I suppose. Or the sysadmin could make accounts in NT and W2k that doesn't allow programs to be installed...hell, they don't even have to allow CDROM access.

    Maybe they should testify before congress and claim that they can bring down the internet in 30 minutes from a HP Plotter, or that Osama Bin Laden will now mail CD's promising free "Click Art" to unsuspecting secretaries around the US with a thing for "Precious Moments" themes. Because Congress will shovel any amount of money to greedy bastards wearing a propeller beanie, and talking about things they know nothing about.

    Ironic that these guys often start out by breaking into places, then demanding a lot of money to protect the world from people like them, and then advocating jail time for future business competitors down the road.

    1. Re:Gee, hacking is dangerous by susano_otter · · Score: 3, Funny
      And the CDROM attack...A Hacker could mail a CDROM and get it to install on a PC because some luser is curious? Yah, I suppose.

      Suppose, nothing! these guys do it all the time!

      --

      Any sufficiently well-organized community is indistinguishable from Government.

    2. Re:Gee, hacking is dangerous by Anonymous Coward · · Score: 0

      I didn't see or read about any demonstrations that showed how to determine what printer was on a network, how to get into that network and how to "own" a printer, and what could be done after the printer was compromised.

      That is left as an exercise for the reader ...

      Did anyone do an nmap -sS -O on an IP of a Lexmark 1200 to see what processor and OS came up?....doubtful.

      Do *you* spend much time syn scanning printers?

      Anyone demonstrate how to connect and get a banner and prompt with netcat? (if they did, what would they do, print with only magenta or screw around with the queue?)

      Not exactly. The following is from jill.c

      have fun ...

      /* IIS 5 remote .printer overflow. "jill.c" (don't ask).
      *
      * by: dark spyrit
      *
      * respect to eeye for finding this one - nice work.
      * shouts to halvar, neofight and the beavuh bitchez.
      *
      * this exploit overwrites an exception frame to control eip and get to
      * our code.. the code then locates the pointer to our larger buffer and
      * execs.
      *
      * usage: jill
      *
      * the shellcode spawns a reverse cmd shell.. so you need to set up a
      * netcat listener on the host you control.
      *
      * Ex: nc -l -p -vv
      *
      * I haven't slept in years.
      */

    3. Re:Gee, hacking is dangerous by epseps · · Score: 1

      I didn't see or read about any demonstrations that showed how to determine what printer was on a network, how to get into that network and how to "own" a printer, and what could be done after the printer was compromised.

      That is left as an exercise for the reader ...

      Still, a demonstration by those making the claim would be nice.

      Did anyone do an nmap -sS -O on an IP of a Lexmark 1200 to see what processor and OS came up?....doubtful.

      Do *you* spend much time syn scanning printers?

      Not a lot, but I have (it doesn't take that long to scan printers)..the point being a demonstration of a real vulnerability: Scan, connection, and compromise..that would have been. Sounds like more of a challenge to get people to do the dirty work for them after they come up with a "maybe", and then they get the cash for "securing" it.

      Anyone demonstrate how to connect and get a banner and prompt with netcat? (if they did, what would they do, print with only magenta or screw around with the queue?)

      Not exactly. The following is from jill.c

      I'll try the exploit. But I would be shocked if I got control of a printer using it...Perhaps it was designed to gain control of a box running Windows 2000/IIS 5..I was talking about connecting to a printer with netcat and getting a banner from the printer OS..but I don't think I was specific. Often telnetting to HP plotters will give a person immediate access and control if passwords are not configured, but what could someone do from a controlled plotter to the other machines on the network?

    4. Re:Gee, hacking is dangerous by Anonymous Coward · · Score: 0

      but what could someone do from a controlled plotter to the other machines on the network?

      Actually I must have missed your point as we seem to agree. I was implying that there was no point in scanning a *printer*, but that you could overflow the print server process on a PC and get a shell on the OS, which is what jill does.

  20. Re:news? by RyuuzakiTetsuya · · Score: 1

    I hope I read you right.

    Knowing where bugs and vulnerabilities exist and publishing them to the general public as to what's going on with a particular IT vendor is aiding and abetting criminal activity?

    Shouldn't creating software/hardware with bugs and vulnerabilities be illegal?

    --
    Non impediti ratione cogitationus.
  21. Re:news? by ericman31 · · Score: 1

    Non-terroristic Americans always obey and support the law 100%.

    Civil disobedience is often necessary. Or do you think that Martin Luther King, Jr. and all the other people in the Civil Rights movement during the last half of the past century are terrorists? When a law is wrong you have to speak up and say so. When speaking up gets you in trouble with the law, then civil disobedience and protest is the next avenue. If that doesn't work, actual revolution may be needed.

    This is embedded in our political tradition. If you don't think so, here's what the Declaration of Independence says:

    When in the Course of human events, it becomes necessary for one people to dissolve the political bands which have connected them with another, and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation.

    In other words, if there is just cause it is okay to do things that the American Colonists did, the protests (Colonists went to England to plead the case with the King and Parliament), the civil disobedience (The Boston Tea Party), and finally to revolt, if need be.

    When we see our civil liberties and privacy removed by our government and large corporations we have a civic responsibility to stop it, as do all like minded people.

    --
    In my universe I'm perfectly normal, it's not my fault you don't live in my universe.
  22. That's a 1337 hack by Rolo+Tomasi · · Score: 3, Funny
    The speakers demonstrated for the crowd how an attacker can slip a tunneling CD into a [...] Compaq iPaq, and connect to the network.

    I'd really like to see that ... I'm curious as to what kind of axe is used.

    --
    Did you know you can fertilize your lawn with used motor oil?
    1. Re:That's a 1337 hack by fo0bar · · Score: 1
      I'd really like to see that ... I'm curious as to what kind of axe is used.

      Unfortunately, iPaq is Compaq's name for a line of completely unrelated items. iPaq == handheld device. iPaq == all-in-one cheap computer. iPaq == answering machine. iPaq == perpetual motion device.

      I've used the iPaq desktop system. They're crap. Crappy video system, and the motherboards failed on 4 out of 9 machines we bought at my last employer, in under a year.

    2. Re:That's a 1337 hack by Jacer · · Score: 2

      i've had about 6 motherboards fail so far, however they were under warranty still, i made a compaq tech come over and replace them

      --
      --fetch daddy's blue fright wig, i must be handsome when i release my rage
  23. Re:hmmm by vofka · · Score: 1

    You've never used System Policies, or an 'Approved Applications' listing then? Sure, neither is a panacea, but they would prevent stuff like that happening quite so easily.

    Breaking a Network's security Restrictions can be made difficult, it's just not easy to put the proper restrictions in place on an M$ Product like 2K or XP.

    --
    Disclaimer: I meant what I thought, not what I wrote! What? You can't read my Mind? Oh dear!
  24. "With printers, attackers dont even have to enter" by Anonymous Coward · · Score: 0

    Any idea what he's talking about here? I can imagine that sending dozens of 100% black pages to a public fax number could grind down the machine - but a printer? If it's networked and subject to the same IP filtering as everything else, I don't see the big deal.

    On an unrelated note there was a TV segment here a few nights ago showing a neat trick with those Logitech wireless keyboards. They all use the same frequency, and people type their passwords with them. Use your imagination.

  25. Strangers accessing the network... by Pollux · · Score: 4, Interesting

    2) Have a clipboard, 99% of companies and people in those companies will not query a suit with a clipboard. This gives you the ability to walk into any areas saying you are doing a "Time and motion" study for the new Quality Initiative. Or do an "assets" audit and take away servers for "verification" that aren't on the "official register".

    At my local Walmart, the store's network backbone is located 20 feet from the door leading to the backstock room. There are no obstructions (except for the occasional six-wheelers with merchandise), and the door's always open. Three-quarters of the time, there's no one in the room, and even if there is, it's typically a low-end manager (the high-end managers like to stick with their own offices) who doesn't know about how computers work. There's only a "regional" administrator...Walmart feels it's more efficient to let the machines work on their own and pay someone only when the machines don't work.

    All you need to do is look young, wear khakis and a polo shirt, and carry your "geek-bag-o-goodies", and no one will question you being there. As long as you look like you know what you're doing, no one will think otherwise. In fact, there was even one time where I walked in there completely unannounced just to use the telephone (I work for a vendor, not for Walmart). A manager saw me as he walked on by outside the room, and had no problems with me being in that room.

    Now, realize that the computer network at Walmart controls everything...the lights, heating, TV / Radio / Announcement systems, the ATM network, everything. Every Walmart has a satellite hookup to the mainframe (no idea where that is).

    My point is that people are way too afraid that someone's going to get them by hacking into the computer, while no one's worried at all about someone walking in and getting them from the inside. There are some wide-open doors when it comes to internal network security (or lack thereof), and it doesn't take a Hollywood actor to pull off a slip into the server room of almost any company.

    1. Re:Strangers accessing the network... by Anonymous Coward · · Score: 0

      As a regional Walmart network engineer I can let you know that the rooms you are referring to are set aside as dummies. The real server rooms are locked behind a vault door in a secret underground location and require the voice verification and retina scans of at least two engineers to open the door. You are a fool.

    2. Re:Strangers accessing the network... by Glytch · · Score: 2

      Walmart franchise computers are controlled from the mainframe cluster at the Home Office. I think that's in Huntsville, Alabama, but it's been a while since I worked for that evil company. I could be wrong.

      I do know that it's a pain in the ass when Home Office turns off all the store systems on Sundays during Christmas season, because it thinks that the store is closed.

      Regarding physical security to the store server, it was usually quite good. Only one door in, and that was almost always locked. Any non-manager, non-accounting personnel had to be escorted by a manager anytime they were there. I don't know if that's just a quirk of that store, or if it's corporate policy. All I know is that I like a full-time job in a small business (nice little camera shop) a hell of a lot better than being a Walmart electronics monkey. :)

  26. Re:hmmm by Anonymous Coward · · Score: 0

    autorun CD? Just run your trojan off the Internet; it leaves less evidence.

  27. Re:hmmm by Com2Kid · · Score: 1

    'Approved Applications' listing then?

    Which under Windows is an immensely fun system that checks to make sure the file name is the same.

    Heh.

    Amazing how many programs still work after being renamed to calc.exe :) (some do break though, ugh)

  28. Re:news? by Kierthos · · Score: 2, Insightful

    Personally, I'd say that if a programmer knowingly and willingly created/promulgated bugs and vulnerabilities, there should be some sort of legal response to that. If it's a bug/vulnerability that was not obvious or possible to be noticed until distribution, that should not carry anywhere near the amount of action against the programmer. (They should still fix it, mind you.)

    Likewise, someone who publishes bugs and vulnerabilities with no actual interest in seeing those fixed should be hammered as well. I mean, if it's a cracker or a script kiddie who is publishing vulnerabilities so that other crackers and script kiddies can exploit them, well, that's just as bad as not fixing the vulnerability. If it's someone publishing them with the intended purpose of having them fixed, again, different circumstances.

    Kierthos

    --
    Mr. Hu is not a ninja.
  29. Re:news? by nomadic · · Score: 1

    Society as a whole sets the usage. If everyone calls cracking hacking, then the correct word is hacking.

  30. Not panicing... by Captain Kirk · · Score: 2, Funny

    Where I work, if someone showed up with a Dreamcast and plugged it into our network, the poor sap would be fired before you can say "choo choo rockets".

    Now I had thought that was a reflection of the mean streak in management.

    Now I learn that it's a security precaution. That's alright then.

    Patrick

  31. famous quotes by Anonymous Coward · · Score: 1, Funny

    640k is all you will need.

    There's a market for 3, maybe 4, computers in the world.

    DMCA will foster innovation.

    Social engineering is obsolete.

  32. Re:news? by Kierthos · · Score: 1

    The problem is, society as a whole did not set the usage. There are still quite a lot of people who know the difference between a hacker and a cracker. The news media and the government sound-bites have tried to set the usage, but that doesn't stop people from trying to correct them.

    Kierthos

    --
    Mr. Hu is not a ninja.
  33. Re:"With printers, attackers dont even have to ent by Anonymous Coward · · Score: 0

    Ironically I have no more imagination left due to watching too much TV.

    -- MMMMMMMMMMMMMMMMMMMM

  34. Re:"With printers, attackers dont even have to ent by Com2Kid · · Score: 1
    • On an unrelated note there was a TV segment here a few nights ago showing a neat trick with those Logitech wireless keyboards. They all use the same frequency, and people type their passwords with them. Use your imagination.
    My computer room has so much EM noise that a POTS modem connection cannot even be established from here. The /wired/ phone lines have heavily audible noise over them at times.

    My radio signals aren't going anywheres. :)
  35. Uh oh, possible future FUD avenue... by Anonymous Coward · · Score: 1, Interesting

    So, you can burn a bootable CD, feed it to a machine for a few seconds, then walk away and have it become your zombie slave.

    How long until our favorite company (ahem) uses this to spin some tale about how the "signed OS" BIOS replacement is the right way to go? "Get this, and you don't have to worry about rogue hax0rs".

    Unfortunately it also lets them tighten their grip like with the DRM stuff that keeps coming up. Blah.

    1. Re:Uh oh, possible future FUD avenue... by arkane1234 · · Score: 1

      This should be at least a 1... it's a valid point.

      --
      -- This space for lease, low setup fee, inquire within!
  36. Re:hmmm by B3ryllium · · Score: 1

    Says who? I'm sure there would be dozens of pieces of evidence left on a typical intranet.

    Firewall logs, histories, all sorts of junk.

  37. Social engineering? by Critical_ · · Score: 1

    I find it so funny that in this day and age, getting a password is so easy. I've had friends posing as campus computer specialists get passwords into the most "holy grail" of computer systems. I can't get into much detail here but what people don't understand is that your password is more than your house key. It has your life behind it. Especially when these days people use online stock trading, medical record databases, personal e-mail, financial accounts, bills, etc. I routinely have to go to my parents' house to make sure that they aren't saving passwords on their home computer to extremely sensitive sites. I have to make sure their system's drives are encrypted for that just-in-case scenario. People I guess just don't understand.

    As for these small devices that people use to "hack", I largely doubt there is much to worry about.

    1. Re:Social engineering? by t_allardyce · · Score: 2

      +1

      and what's even worse is when they use the same password for lots of accounts. Just one accident with a keystroke recorder or social engineer and they've given someone else access to everything.

      --
      This comment does not represent the views or opinions of the user.
    2. Re:Social engineering? by Anonymous Coward · · Score: 0

      It works because so many organizations do it. I work for my former college's desktop support department, and I regularly call users for passwords (Novell and NT) when setting up or redoing computers. I almost never have a problem getting them, and I regularly have people volunteering email and mainframe passwords as well. Not to mention that when we can't get a password, we regularly reset it to the name of the school... I would estimate that probably 1/3 of our computers have the name of the school as the password.

  38. uneducated users by Snowbeam · · Score: 4, Interesting

    Till this day, I have users who call and are handing over their username and password without me saying anything more than "Hello!".

    There are users I call who hand over the same information without any thought. Most of the time, I am there busy telling users to please not give me that information. The comparison of the username/password being like an ATM card and pin just doesn't work.

    Our abuse department (yes we have one) has a two strikes and you're out policy. That is to say, if anything happens from your account the first time, you are given a warning and forced to read the entire IT policy. The second time, your account is deactivated, in effect terminating your employment/affiliation with the university. You pretty much need your account for everything.

    This issue has been spoken about for years and things rarely improve, but I still believe educating users is the best way to eventually solve the problems here.

    --
    I am Lord Snowbeam. Heed my call!
  39. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  40. Re:quit it. go outside. by zenyu · · Score: 2

    Go to a bar or something. Meet women.

    Hey! I'm in a bar waiting for a woman to show up.

    The guy a couple seats down is trying to hack me, so it's kinda fun.

    I think NY is getting geeky.

  41. What is the point of the news story? by MadFarmAnimalz · · Score: 2

    Hmm.

    You can get unauthorized access to a network easily by gaining physical access first.

    As computers proliferate and approach ubiquity, security becomes a larger issue.

    These are the central themes I identified. This is not news. It is hardly even analysis.

    Actually, it struck me more as a kind of public service announcement designed to raise levels of awareness.

    --
    Blearf. Blearf, I say.
  42. Social Engineering is still the biggest threat by rfreynol · · Score: 2, Informative

    I mean it. I'm a consultant and it's surprising how much I can get a sys admin to do for me over the phone, from across the country.

    Recent example - we were converting 17 years of production data from a mainframe into the replacement system. With the volume, we needed an uninterrupted 40 hour window, but the client performed a cold backup of the database nightly.

    The process in place says we call the production DBAs (who know us, and are employees, not contractors like us) and they pass official word to the operators in the datacenter.

    Well, after 9 hours of loading, the database goes down at 5:00am. We call the prod DBAs, and the on-call guy doesn't answer. So I call the ops center. The story I get is that a contractor on another project requested a backup of some critical files stored on the db box. He did this directly with the operator at 11:00 the night before, and the operator didn't even remember his name.

    If a simple phone call to ops is all it takes to take the system down, why bother with the standard exploits?

  43. Re:hmmm by Com2Kid · · Score: 1

    When some compilers compile, they store the "original" name somewhere in the binary - MS compilers do this for sure.

    Of course there is always the most extreme case scenario of a person making a custom tool to break into your system, allowing them to compile it with whatever name they want to.

    CRCs or such would help, but even those can be worked around, though with an immense amount of difficulty.

    I remember an article on slashdot quite a while back about a mathematical proof showing that once physical access was gained to the machine, nothing could stop security from being broken down eventually. Though in the most extreme of cases it may take many years and many millions of dollars worth of equipment. ^_^
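
The weakness discussed in comments 27 and 43 (an approved-applications check that matches only the file name), set beside a check on file content, as an added example that is not part of any comment in this thread. The file names, file contents and helper functions are constructed for illustration, and SHA-256 stands in for the "CRCs or such" mentioned above.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def allowed_by_name(path, approved_names):
    """Weak policy: trusts whatever the file happens to be called."""
    return os.path.basename(path).lower() in approved_names


def allowed_by_digest(path, approved_digests):
    """Stronger policy: trusts only content whose SHA-256 was approved."""
    return sha256_of(path) in approved_digests


def _write(path, data):
    """Create parent directories as needed and write the constructed sample bytes."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def run_demo():
    """Return {case: (name_policy_allows, digest_policy_allows)} for four cases."""
    # Constructed byte strings standing in for real executables.
    approved_bytes = b"constructed sample: approved calculator, build 1.0"
    other_bytes = b"constructed sample: some program nobody approved"

    with tempfile.TemporaryDirectory() as root:
        original = _write(os.path.join(root, "system", "calc.exe"), approved_bytes)

        # The administrator's two versions of the same approval.
        approved_names = {"calc.exe"}
        approved_digests = {sha256_of(original)}

        cases = {
            # The approved program, untouched.
            "original": original,
            # An unapproved program that was simply renamed to calc.exe.
            "renamed_unapproved": _write(
                os.path.join(root, "downloads", "calc.exe"), other_bytes),
            # The approved program copied under a different name.
            "approved_copy_new_name": _write(
                os.path.join(root, "tools", "calculator-copy.exe"), approved_bytes),
            # The approved program with bytes changed after approval.
            "patched_after_approval": _write(
                os.path.join(root, "patched", "calc.exe"), approved_bytes + b" (modified)"),
        }

        return {
            label: (allowed_by_name(path, approved_names),
                    allowed_by_digest(path, approved_digests))
            for label, path in cases.items()
        }


if __name__ == "__main__":
    for label, (by_name, by_digest) in run_demo().items():
        print(f"{label:26} name-check={by_name!s:5} digest-check={by_digest}")
```

The digest policy has an operational cost the name policy does not: every legitimate update changes the digest, so the approved list has to be maintained alongside patching.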

  44. Password Rememberers/Managers etc. by t_allardyce · · Score: 0, Troll

    I always thought it was ironic that the dumbest users (no offence) had to use a password-managing program to keep track of all their passwords. What they don't realise is that all (closed source) password-managing programs send the user's passwords back to the program's author. Either through a direct connection to some computer, or by emailing them to a hotmail account :) lol. These are the same kind of people that use Microsoft Outlook, or have no firewalls set up to block that kind of thing.. making it all the easier.

    --
    This comment does not represent the views or opinions of the user.
    1. Re:Password Rememberers/Managers etc. by kst · · Score: 1

      I always thought it was ironic that the dumbest users (no offence) had to use a password-managing program to keep track of all their passwords. What they don't realise is that all (closed source) password-managing programs send the user's passwords back to the program's author. Either through a direct connection to some computer, or by emailing them to a hotmail account :) lol.

      Do you have some evidence of this, or is it just a joke? Since you said all closed source password-managing programs do this, I presume you have a great deal of evidence.

    2. Re:Password Rememberers/Managers etc. by Jacer · · Score: 2

      I always thought it was ironic that the dumbest users (no offence)

      oh man, you're very retarded, no offense

      --
      --fetch daddy's blue fright wig, i must be handsome when i release my rage
    3. Re:Password Rememberers/Managers etc. by t_allardyce · · Score: 2

      I'm sorry to pick this up, but no, _you_ are very retarded. 'offence' is the British spelling, but since you are probably american (with a lowercase a) you have no knowledge of other cultures or societies outside your crapitalist dictatorship.

      --
      This comment does not represent the views or opinions of the user.
  45. Re:hmmm by Biedermann · · Score: 1

    Putting an autorun CD into a drive that installs and puts itself into the startup folder would be very easy and very hard to stop

    It's hard to stop someone putting that disc in, but it's very easy to disable autorun for data discs. (Music can still start automatically, if you want that) It can probably be done by the admin via a policy file, so no user needs to be trusted. No problem there.

  46. I can just see by Herkum01 · · Score: 3, Funny

    Spammers going after a network printer...

    loop (1..1000)
    line.font = bold;
    line.size = 18pt;
    line.output = "Need more toner? Call us at ###-####"
    line.pagebreak
    endloop()
  47. Bear and the Dragon? by Anonymous Coward · · Score: 0

    A bit offtopic, so I guess I should post anon, just in case. Shame. Oh well. :( Has anyone read this book? I would guess so. Sounds a lot like the cd put in the Chinawomen's computer...... Very stealthy, and effective....

  48. When *was* it hard? by krich · · Score: 1

    I've never known a time period when "hacking" was particularly difficult, especially if one wasn't targeting a specific machine or network. The sad truth that has always been, and shows little evidence of changing anytime soon is... most people don't plug obvious, well-known, long-discovered vulnerabilities. Most "hacking" could be cleared up overnight by simply applying the knowledge and fixes that are readily available.

  49. Re:quit it. go outside. by zapfie · · Score: 0, Flamebait

    Quit reading slashdot. It's saturday. Ever wonder why the ladies aren't exactly flocking to you? It's because you're the kind of guy that posts to slashdot on saturday. Why not hop up off your fat, sweaty ass and see what's going on outdoors? Go to a bar or something. Meet women. Live a little, you fucking loser.

    --
    slashdot!=valid HTML
  50. Re:quit it. go outside. by boomer_rehfield · · Score: 1

    See it's funny, cause it's Sunday...

    Pot..kettle...black...any of this ringing a bell?

    --
    Carpe Canem - Seize the Dog
  51. Cant hack into a Mac OS! NEVER done once (BugTraq) by Anonymous Coward · · Score: 1, Interesting

    The MacOS running WebStar and other webservers has never been exploited or defaced.

    I know some indication of that particular news piece is regarding cheap local machine packet grabbing, not WAN exploits, but the fact is still the same, no Mac OS 8x or 9x have EVER once been rooted.

    In fact in the entire securityfocus (bugtraq) database history there has never been a Mac exploited over the internet remotely.

    That is why the US Army gave up on MS IIS and got a Mac for a web server.

    I am not talking about BSD derived MacOS X (which already had a couple of exploits) I am talking about current Mac OS 9.x and earlier.

    Why is it hack proof? These reasons :

    1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT

    2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security.

    3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not.

    4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not file name extension).

    5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing. For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with data files. For example file copy utilities preserve launchable file-types, but JPEG MPEG HTML TXT etc oriented tools are physically incapable by design of creating an executable file. The file type is not set to executable for the hacker's needs. In fact it's even more secure than that. A mac cannot run a program unless it has TWO files. The second file is an invisible file associated with the data fork file and is called a resource fork. EVERY mac program has a resource fork file containing launch information. It needs to be present. Typically JPEG, HTML, MPEG, TXT, ZIP, C, etc are merely data files and lack resource fork files, and even if they had them they would lack launch information. But the best part is that mac web programs and server tools do not create files with resource forks usually. TOTAL security.

    6> Stack return address positioned in safer location than some Intel OSes. Buffer exploits take advantage of loser programmers' lack of string length checking and clobber the return address to run their exploit code instead. The Mac places return address in front of where the buffer would overrun. Much safer.

    7> There are less macs, though there are huge cash prizes for cracking into a MacOS based WebStar server. Less macs means less hacker interest, but there are millions of macs sold, and some of the most skilled programmers are well versed in systems level mac engineering and know of the cash prizes, so it's a moot point, but perhaps macs are never kracked because there appear to be less of them. (many macs pretend they are unix and give false headers to requests to keep up the illusion, ftp http, finger, etc). But some huge high performance sites use load-balancing webstar.

    8> MacOS source not available traditionally, except within apple, similar to Microsoft source availability to its summer interns and engineers, source is rare to MacOS. This makes it hard to look for programming mistakes, but I feel the restricted source access is not the main reasons the MacOS has never been remotely broken into and exploited.

    Sure a fool can install freeware and shareware server tools and unsecure 3rd party addon tools for e-commerce, but a mac (MacOS 9) running WebStar is the most secure web server possible and webstar offers many services as is.

    One 3rd party tool created the only known exploit backdoor in mac history and that was back in 1995 and is not, nor was, a widely used tool. I do not even know its name. From 1995 to 2002 not one macintosh web server on the internet has been broken into or defaced EVER. Other than that event ages ago in 1995, no mac web server has ever been rooted, defaced, owned, scanned, exploited, etc.

    I think it's quite amusing that there are over 200 or 300 known vulnerabilities in RedHat over the years and not one MacOS 9.x or older remote exploit hack. There are even vulnerabilities a month ago in OpenBSD.

    Not one exploit. And that includes Webstar and other web servers on the Mac.

    --- too bad the linux community is so stubborn that they refuse to understand that the Mac has always been the most secure OS.

    BugTraq concurs.

  52. MOD PARENT UP +5 FUNNY!!! by Anonymous Coward · · Score: 0


  53. Hacking? You mean vandalism? by kst · · Score: 2, Insightful

    I would expect Slashdot, of all places, to avoid misusing the word "hacking".

    Even if we were to give up the battle over the original meaning of the word (a concession I do not make), the meaning being propagated by the media seems deliberately designed to cause confusion. When the same word is used to refer to (a) exploring and/or modifying a system you own, (b) breaking or bypassing the security features of a system someone else owns, and (c) breaking into and vandalizing a system someone owns, it gives the impression that anyone who does any of these things is a criminal -- or, conversely, that anyone who vandalizes someone else's computer system is just having a little innocent fun.

    If you want to talk about someone breaking into someone else's computer system, call it what it is -- trespassing. If you want to talk about someone deliberately modifying someone else's computer system without permission, call it what it is -- vandalism.

  54. Re:hmmm by boomer_rehfield · · Score: 1

    You know, the last place I worked, they never ordered CDRoms for any of the machines. Strikes me as smart in a way now even if it was a royal pita then. Combine this with losing the floppy drive and you'd be doing very well I'd think. Less amount of viruses brought in from the outside as well.

    --
    Carpe Canem - Seize the Dog
  55. Re:hmmm by boomer_rehfield · · Score: 1

    I'm not sure autorun's going to kick in if the person's not logged on.... and if they are still logged on then the attacker can just run it himself or enable autorun (if he really is that lazy he could keep a script to do it for him when a machine doesn't autorun....)

    --
    Carpe Canem - Seize the Dog
  56. Sega at work. by bryanp · · Score: 1

    Gee, I know not a day goes by that I don't walk through and see people plugging their Dreamcast into my network. Nope, nothing unusual about that. Carry on.

    --
    "An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
    1. Re:Sega at work. by Anonymous Coward · · Score: 0


      No shit! I just got a kick ass new GameCube. Fuck those crappy Dreamcasts why would I want one of them on my network!?!

  57. Re:news? by fr2ty · · Score: 2, Insightful

    If There are still quite a lot of people who know the difference between a hacker and a cracker, then let us not talk as if we didn't. It's crackers or malicious hackers, plain and easy.

    Some people avoid calling some contemporary music "Rhythm and Blues", because there was a different style of that name before.
    I avoid calling malicious hackers just hackers, because hacking is fun, a healthy sport for both yourself and the society you live in.

    If you think I am wrong, search the web for the Jargon File. It points to some good reading about the history of the term.
    --

  58. Re:Cant hack into a Mac OS! NEVER done once (BugTr by optikron · · Score: 1

    hummm, not sure RedHat is the best example in linux security :-)
    The big problem with RedHat is that by default, the box is HIGHLY unsecure. Lots of stuff running and possibly hackable.

    And even if all you say is surely true, you are wrong, the most secure server is not a MAC.....It's simply the system that is managed by a good admin. I'm pretty sure 95% of the hacks were made possible because the admins didn't do their work (like updating the packages).

  59. gaining physical access for DOS attacks by xdrone · · Score: 1

    gaining physical access for DOS attacks:
    this hi-tek method consists of unplugging a server or network cable.

  60. Re:quit it. go outside. by arkane1234 · · Score: 1

    Hey now, that hits a little too close to home there.
    I'm married, I have a reason to be on slashdot on saturday =)

    --
    -- This space for lease, low setup fee, inquire within!
  61. Re:hmmm by _Sprocket_ · · Score: 2

    Years ago, I did desktop support for a large government installation. I would get assigned a handful of cases per location at a time. Inevitably, one of those cases would be for someone who was away from their desk with their desktop locked via screensaver. It was good that they were following policy and used either a timed or manual lock - it was bad that normally I'd have to leave a "sorry we missed you" card and their case would go back into the queue (and further delayed).

    Then I burned an autorun CD that would kill their screensaver when popped in to their CDROM drive. I very rarely ran into a workstation with autorun disabled. What I usually got was quick desktop access and often a customer comment card thanking me for the quick turn-around.

  62. Re:Cant hack into a Mac OS! NEVER done once (BugTr by Anonymous Coward · · Score: 0

    Not true! OpenBSD and Linux and WinNT all learn about some exploits AFTER the exploit was seen in wild and BEFORE an update exists! The most secure site is a NON-ADMINISTERED MAC! not linux with its 400 to 700 exploits, many of which were undiscovered for months, and many unpatched for days.

  63. FDISK by sirsex · · Score: 1

    I was wondering if anyone here has ever gone to your local Wal-Mart or similar retail computer dealer, rebooted the machine to DOS, and FDISKed it?

    1. Re:FDISK by Anonymous Coward · · Score: 0

      10 Print "FUCK! "
      20 Goto 10

      That was good for a laugh until GUIs took hold. Then you had to mess about and you might get noticed. It was mostly good for Commodores, Spectrums and Amstrads.

    2. Re:FDISK by Jacer · · Score: 2

      i've installed litestep on machines at kmart, walmart, and best buy, it's fun stuff!

      --
      --fetch daddy's blue fright wig, i must be handsome when i release my rage
  64. Web server written in PostScript (sources) by tlambert · · Score: 3, Interesting

    http://www.pugo.org:8080/

    As it points out, you can't listen on any port you want, because PostScript lacks the ability to open sockets, post listens, or accept connections.

    On the other hand, a few modifications, and it can listen on the LPR port of an HP network printer (all it has to do is intercept new connections, not listen or accept by itself).

    -- Terry

  65. why bother with autorun CDs? by commodoresloat · · Score: 2

    If you have unmonitored physical access to a machine, you can tell it what drive to boot from, which means you can root the machine by simply booting off a disk of your choice. The point is, don't expect a machine to be secure if untrusted parties have physical access to it.

    1. Re:why bother with autorun CDs? by drsoran · · Score: 2

      If you have unmonitored physical access to a machine, you can tell it what drive to boot from, which means you can root the machine by simply booting off a disk of your choice. The point is, don't expect a machine to be secure if untrusted parties have physical access to it.

      The autorun CD would be much easier than rebooting the machine and definitely tipping off the user that their machine has been used to do something. You'd also face the possibility of passwords on the CMOS setup screen and the system bootup. Then you face even more frustration when you finally do get it to boot up and it comes up in OpenBSD or Linux instead of Win98 and LILO has a password on it so you can't just go use a different init to bypass it without entering a password. Ho hum. Not to mention you can't pull the drive out physically and swap it because the damn user has padlocked the case cover shut. These crazy users!

  66. Wow. by awx · · Score: 1

    ...The speakers demonstrated for the crowd how an attacker can slip a tunneling CD into a CD-ROM drive, a Sega Dreamcast gaming console, or a Compaq iPaq, and connect to the network...

    To be fair, any hacker who can slip a CD into an iPaq deserves net access from whoever they choose...

    --
    Feel that power? That's mah MOUSING FINGER
    1. Re:Wow. by Jacer · · Score: 2

      an iPaq is a small form factor computer, as well as a handheld device. If you'd like, I can take a picture of one and email it to you, but they're the shittiest computers ever made

      --
      --fetch daddy's blue fright wig, i must be handsome when i release my rage
  67. nothing is unhackable by commodoresloat · · Score: 2

    First, the "crack-a-mac" contest a few years back led to a widely publicized crack, even though it was a mistake in configuration as I recall. (I don't remember what OS). Second there is no such thing as unhackable. If a mac hasn't been cracked yet it's because there are too many PCs for people to spend their time on macs. Third, MacOS 8 or 9 is easy to remotely administer if you gain enough access to install remote admin devices (there's one on http://securemac.com but I forget its name). Finally bugtraq has never called macs "unhackable" nor would they be so irresponsible as to call any machine that.

  68. crack a mac by commodoresloat · · Score: 2

    Well that last post got me looking for info on the crack a mac contest; here are some details.

  69. Re:Safeguarding Secrets 101 by susano_otter · · Score: 3, Informative

    On my campus:

    1) Buy people, rival firm has a product you need to sabotage... well hire their best brains so it turns out shit... and you get the product as well.

    Our company is rated as one of the 50 best companies to work for by its own employees.

    2) Have a clipboard, 99% of companies and people in those companies will not query a suit with a clipboard. This gives you the ability to walk into any areas saying you are doing a "Time and motion" study for the new Quality Initiative. Or do an "assets" audit and take away servers for "verification" that aren't on the "official register".

    Our facility, though comprising over 300 people, functions as a closely knit team. Nobody unknown to us gets past the lobby, clipboard or not.

    3) Buy the people

    Our company is rated as one of the 50 best companies to work for by its own employees.

    4) Have someone join as a graduate, or even as a more senior person. Sure it violates their contract, but just pay them the cash.

    Our company is rated as one of the 50 best companies to work for by its own employees.

    5) Supply the network upgrade at low low prices via a subsidiary, then ensure they can be "remotely administered as part of the outsourcing and support deal".

    We manage all our networks internally. An "outsourcing and support deal" would be laughable.

    6) Buy the people

    Our company is rated as one of the 50 best companies to work for by its own employees.

    7) Walk into PC support, ask for a backup of your server from date X put onto new server Y. Or even better just get the required files burnt onto CD. Sure you have to fake the paper work, but that isn't hard.

    All of our change requests are managed electronically. To "fake the paperwork", you'd need access to a logged-in system, an account on the change management system, and you'd have to show up the next morning to represent your request at the daily change control meeting. Also, we manage our own backups. Nobody unknown to us would ever request one.

    All of these will be more effective than hiring script kiddies.

    None of these would be any more effective than hiring script kiddies. (Funny story: just this week a script kiddie was caught pounding one of our IPs. Security tracked him down and printed out a desist request on a printer on the kid's network. The attacks stopped a few minutes later.)

    --

    Any sufficiently well-organized community is indistinguishable from Government.

  70. Re:Cant hack into a Mac OS! NEVER done once (BugTr by Anonymous Coward · · Score: 0

    Macs weren't built to do TCP/IP, that's why. Not only that, but they're mostly useless, and thus nobody wants to waste their time cracking a useless box.

    1> What does a command shell have to do with anything? Just because Macs need to be administered in person (with something heavy), it doesn't stop them from executing binary code. Which is exactly how most remote exploits (especially buffer overflows) work.

    2> Always root = no security. You just claimed that a Mac has equal security of a windows 98 box.

    3> A buffer overflow works by passing more data than there is room for. A Pascal string has a limit (usually 255 chars), and is easy to overflow (just pass 256 chars). A C string is unlimited (at least in theory) and thus impossible to overflow. However they are usually located in some kind of buffer (hence the name "buffer overflow"), which gives them the same problems as pascal-style strings.

    4> so do every other webserver on the planet.

    5> That's just a different place for the same information. You can change the resource forks on Macs just as easily through system calls, as you can change the filename on a windows box.

    6> I'm pretty sure you misunderstood something here. To do this, you would have to push variables on the wrong side of the return address, requiring every push to move the return address to make new space, unless your Mac uses the PA-RISC processors with upward-growing stacks.

    7> Exactly, there are less Macs. Why attack Macs (both of them), when you can get a few million IIS boxes with last month's IIS crack?

    8> You feel that the lack of bug finding and fixing is not the reason that Macs are rarely broken into? Well, if anything it should be the reason that Macs are easy to break into.

    And I would add, that Apple have figured out that if they wanted to be taken seriously, they better replace their crappy insecure OS, and replace it with a true *nix system, and used BSD for OSX. And finally Macs have a chance of doing some real server work.
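    An added illustration for point 3 of the comment above (not code from the thread or from any product it discusses): whether a string is length-prefixed or NUL-terminated, it ends up in a fixed-size destination, so the check that matters compares the input length with the destination's capacity. The names `copy_pstring`, `copy_cstring`, `selftest` and the size `DEST_CAP` are hypothetical, and all inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEST_CAP 32  /* constructed destination size for this example */

/* Length-prefixed ("Pascal") string: byte 0 holds the length (0..255),
 * the characters follow, and there is no terminator.
 * Returns 0 on success, -1 if the string does not fit in dst. */
int copy_pstring(uint8_t *dst, size_t dst_cap, const uint8_t *src)
{
    size_t len = src[0];                 /* sender-controlled, up to 255 */
    if (dst_cap == 0 || len > dst_cap - 1)
        return -1;                       /* prefix byte + len must fit */
    dst[0] = (uint8_t)len;
    memcpy(dst + 1, src + 1, len);
    return 0;
}

/* NUL-terminated (C) string arriving in an input buffer of src_max bytes.
 * Returns 0 on success, -1 if unterminated or too long for dst. */
int copy_cstring(char *dst, size_t dst_cap, const char *src, size_t src_max)
{
    const char *nul = memchr(src, '\0', src_max);
    if (nul == NULL)
        return -1;                       /* no terminator inside the input */
    size_t len = (size_t)(nul - src);
    if (dst_cap == 0 || len > dst_cap - 1)
        return -1;                       /* characters + NUL must fit */
    memcpy(dst, src, len + 1);
    return 0;
}

/* Constructed inputs: returns the number of oversized inputs rejected,
 * or -1 if the byte placed right after the destination was modified. */
int selftest(void)
{
    struct { uint8_t buf[DEST_CAP]; uint8_t canary; } slot;
    uint8_t pbig[256];
    char cbig[64];
    int rejected = 0;

    slot.canary = 0xA5;
    pbig[0] = 255;                       /* maximum Pascal length */
    memset(pbig + 1, 'A', 255);
    memset(cbig, 'B', sizeof cbig);      /* 64 bytes, no terminator */

    if (copy_pstring(slot.buf, sizeof slot.buf, pbig) == -1) rejected++;
    if (copy_cstring((char *)slot.buf, sizeof slot.buf, cbig, sizeof cbig) == -1) rejected++;
    cbig[40] = '\0';                     /* terminated, but 40 > 31 */
    if (copy_cstring((char *)slot.buf, sizeof slot.buf, cbig, sizeof cbig) == -1) rejected++;
    return slot.canary == 0xA5 ? rejected : -1;
}

int main(void)
{
    printf("oversized inputs rejected: %d of 3\n", selftest());
    return 0;
}
```

    Replacing either bounded copy with an unchecked `memcpy` of the sender's length is what lets the data run past `buf` into whatever is stored next to it.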

  71. Re:news? by susano_otter · · Score: 2

    I assume you feel the same way about disseminating a catalog of cars that are easy to hotwire. How about books on explosives? A list of local speed traps? The names of companies that do business with South Africa (if you care about that sort of thing)? Where, exactly, do you draw the line?

    --

    Any sufficiently well-organized community is indistinguishable from Government.

  72. Social Engineering by EdMcMan · · Score: 1
    Well, I always thought passwords to accounts and stuff were pretty secure. About a month ago, I started working for a local non-profit organization in my spare time, helping with tech things, one of those things being redoing the website. Unfortunately, no one knew the host, username, password.. etc etc. So, I called up the host (which was pretty easily discerned) and prepared myself for a long, long time of persuasion, arguing, threatening, etc etc to get our password changed :)

    Five minutes later, we had a new password. I wasn't asked for an invoice number, name, or anything. I was a little worried. Should ISPs and such start taking 'hints' and stuff (mother's maiden name.. etc)?

    Personally, I think it's a dilemma. Customer service reps think that since someone went to the effort to call, they must be the account owners. It's no surprise Kevin Mitnick knows more about the Vegas phone system than the phone company does! Ask, and ye shall receive. Someone else ask, and they shall receive too. :(

  73. Social engineering obsolete? by X-Nc · · Score: 1

    Let's see... 75 to 85 percent of all computer break-ins are made through social engineering. How obsolete is that?

    --
    --
    If I actually could spell I'd have spelled it right in the first place.
  74. Re:quit it. go outside. by zapfie · · Score: 1

    See the parent to my comment, and it will make sense... it's tongue in cheek. ;)

    --
    slashdot!=valid HTML
  75. The Grammar Nazi Speaks by LPetrazickis · · Score: 1

    To be fair, any hacker who can slip a CD into an iPaq deserves net access from whoever they choose...

    I believe that you mean "whomever".

    --
    Is this a sigs-optional kind of place? 'Cause I am totally down with that if you know what I mean.
  76. Re:Strangers accessing the network by Anonymous Coward · · Score: 0

    SO TRUE! I work for a walmart as well, the office where the main servers are kept in the store is called UPC office and it is also where all printout reports are sent to, all wireless terminals are returned/checked out here as well. The office has a little window right by the door which has a doorhandle rather than a knob, just reach in and whack the handle and you are in. Now the next step is to have the right usernames/passwords for their aix systems. (half the windows nt systems are sitting at an open desktop burned into the vga screen). From what I have watched, at any aix terminal you can login as smart (no password even asked) and jump right into the smart system login (where you will need a username and password). Just make up a username that you might hear over the intercom. Password is usually passed or password (hell i didn't change my password up until a year after i got access only because one of the wireless terminals had a busted keyboard that you couldn't use efghi in any way). So i changed the pass to a number

    Being on Inventory Control, I have to pick up picklist printouts in UPC all the time. Sometimes I can get someone to let me in, i just run in unobserved and pick up the picklist. I have twice used the manager's login (left open by the upc manager) to reprint stuff because it just never showed up at the printer.

    Random Anonymous Coward

  77. Hi! by Peridriga · · Score: 2

    I send this CD in order to have your advice.

    1. Re:Hi! by Anonymous Coward · · Score: 0

      lol!

  78. Re:Safeguarding Secrets 101 by ffatTony · · Score: 2

    Our company is rated as one of the 50 best companies to work for [fortune.com] by its own employees.

    I fail to see your argument here. for a large sum of money I would have a very hard time doing the "right thing", even involving murder, theft, etc. Perhaps I'm cynical, but I feel everyone has a price and it's typically not much more than a few million.

    Working for a great company is one thing, but making enough to never have to work again is, in a word, priceless.

  79. Re:news? by flonker · · Score: 2

    or a script kiddie who is publishing vulnerabilities

    By definition, a script kiddie is not publishing exploits.

  80. Re:Safeguarding Secrets 101 by susano_otter · · Score: 2
    Certainly. And nobody's saying that solution is foolproof. But it's decidedly non-trivial, and anyway it's difficult to tempt a happy employee.

    Anyway, who's going to pay you "several million" to "never have to work again"? The whole reason that money's out there to begin with is they want you to work for them, instead of the competition.

    --

    Any sufficiently well-organized community is indistinguishable from Government.

  81. Re:Safeguarding Secrets 101 by Anonymous Coward · · Score: 0

    7) Walk into PC support, ask for a backup of your server from date X put onto new server Y. Or even better just get the required files burnt onto CD. Sure you have to fake the paper work, but that isn't hard.

    All of our change requests are managed electronically. To "fake the paperwork", you'd need access to a logged-in system, an account on the change management system, and you'd have to show up the next morning to represent your request at the daily change control meeting. Also, we manage our own backups. Nobody unknown to us would ever request one.


    Agreed that obtaining change control "paperwork" is harder than a system compromise. Daily change control?? I thought weekly was bad enough ...

    Also ... walk into PC support? LOL! Ask for a server backup?? ROFL!!

    This *might* work in a really small company. It would never work in any company with even decent security - especially with sensitive data.

  82. +1 (Real World Experience) by Anonymous Coward · · Score: 0

    Where the hell are my mod points???

  83. Is there a complot? conspiracy? ignorance? by danalien · · Score: 1

    Why do people pronounce it hack[er|ing], when it is spelled crack[er|ing]?

    How has 'building|making' been/is confused/misused/associated with 'destroying|demolishing' things?

    Case :

    hack[er|ing] == building|making;
    crack[er|ing] == destroying|demolishing;

    I think before publishing material publicly, one should do some research and confirm sources/results with other relevant people on that subject.
    (eg. confirm "hack[er|ing]/crack[er|ing]" with (a) guru[s] in computers, like ESR).

    This goes as well to the slashdot editors for their (subject)postings; and all other form of publishing (you know who you are).


    Reference :
    http://www.tuxedo.org/jargon/
    http://www.tuxedo.org/jargon/html/entry/hacker.html
    http://www.tuxedo.org/jargon/html/entry/hacker-ethic.html
    http://www.tuxedo.org/jargon/html/entry/cracker.html
    http://www.tuxedo.org/jargon/html/entry/cracking.html
    http://www.everything2.com/index.pl?node=hacker
    http://www.everything2.com/index.pl?node=dark-side%20hacker
    http://www.everything2.com/index.pl?node=cracker
    http://www.cs.berkeley.edu/~bh/hacker.html
    http://home.planet.nl/~faase009/Ha_hacker.html
    http://www.plethora.net/~seebs/faqs/hacker.html
    http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212220,00.html
    http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211852,00.html
    ....and many more are out there, on the World Wide Web.

    --
    I don't claim I know more than I know, and if you know you know more than I know, then by all means, let me know.
  84. Re:Safeguarding Secrets 101 by FrostedChaos · · Score: 1
    Actually social engineering attacks would probably be more likely to work in a large company, where people don't know each other.

    --
    "Any connection between your reality and mine is purely coincidental." -Slashdot
  85. Re:Cant hack into a Mac OS! NEVER done once (BugTr by Anonymous Coward · · Score: 0

    I have to wonder in the days Apple hiring members of the public to speak for them....
    Is "Anonymous Coward" on the payroll? If he isn't shouldn't he be?
    Especially if Apple had recently launched a new line of sexy servers that weren't doing too well...

  86. obsolete? by Stinson · · Score: 1

    social engineering, physical hacking? obsolete? what kinda script-kiddie are you?? it might not be common anymore, but it's definitely not obsolete, unused maybe, but if you're good, it's easier

  87. Re:hmmm by Skyshadow · · Score: 2
    I had a friend in college who put together a CD that would automagically install Linux on a lab computer (they were all the same). He burned a few dozen copies and played Johnny Appleseed one Saturday morning right after the labs opened.

    He called it "Black Hat Linux". Them were crazy times; it was a wonder girls wouldn't talk to us.

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  88. Re:news? by nomadic · · Score: 1

    "Yeah, my 'ole man who works in a nucular plant sez so too." That's a correct sentence, right?

    Is it used by the majority of English-speakers? Would most English speakers consider it a proper sentence? If so, then yes, it's proper.

  89. Linux on Dreamcast by Anonymous Coward · · Score: 0

    Just to remind people interested in this:

    Project is at http://sourceforge.net/projects/linuxdc

    irc is at

    #linuxdc at irc.openprojects.net

    The project needs kernel hackers - you too can join the elite - as there are a number of simple devices still in need of drivers. Userland work also welcome.

  90. Re:hmmm by tomhudson · · Score: 2
    simple solution: When I rebuilt the pcs in the front, I took out the drive cables to the cd-roms and floppies.

    Nobody noticed - or if they did, they realized they couldn't complain without tipping us off that they were installing games | stuff | whatever.

  91. Choose Your Target by bluethundr · · Score: 1

    I think it depends on the type of user you are targeting. Most business people still suffer from cases of severe "metaphor-shear" and naivete when it comes to computers. I see it every day in my line of work. Digital artists tend to usually be the most savvy members of the workforce, but they on the whole are a very small segment of the working population.

    But I continue to be amazed at the silliness of the average worker. I just freelanced a few weeks ago at a company of 150 employees that had NO FIREWALL. I was dumbfounded. The "IT" guys there were a bunch of stoner-LuZ|2$ whose rationale was that "Oh...we only have 125 macs and 25 Win9x machines. You can't hack a Macintosh and we don't have enough Windoze machines to interest any hacker!" No amount of reasoning could convince them and this was only WEEKS ago not YEARS. And this was a multi-million dollar company on 5th Ave in NYC! So please, don't try to convince me that people are more savvy about computers today than in the past.

    It takes a LOT more than a few decades, apparently, for these semi-evolved hairless apes (i.e. us) to come to grips with this new technology!

    If I wasn't sufficiently convinced by these experiences the clincher was the demo of Social Engineering put on at h2k2 this year in NYC. Where I saw Emmanuel Goldstein (no not the fictional character from 1984 ;) call up a Starbucks in Manhattan with the cHeEzY line of "Hi, uhm, this is Carl in tech. You guys having a problem with your modem? You know the one you use to authenticate credit card numbers"? He then proceeded to get the hairless ape on the other end of the line to give out somebody's AMEX number and expiration date.(!!!)

    For a follow up, he then called the Russian Tea Room (it was still open at that point) and with the line "I think my wife made a reservation for tomorrow night. I am a writer and I use a lot of pen-names, could you please tell me who has a res for 8pm". He then proceeds to get the name and PHONE NUMBER for the person with a reservation at that time. He said thank you and changed the reservation. And for a finishing touch he called that number (in the guise of a Tea Room employee) and changed the res on that end (citing "Health inspections" as the reason. You don't think that had anything to do with them closing, do you? ;).

    So what can you say? If you choose your targets carefully enough you can have ASTOUNDING successes. And, given the numbskulls I see who are members of the "Business elite of Manhattan" I can't say that I'd believe them to be canny enough to rebuff such common-sense defying attacks.

    In short, in order for social engineering to cease in its effectiveness, people have to be something resembling common-sensical and savvy.

    Social engineering obsolete? Bunk!

    --
    Quod scripsi, scripsi.
  92. Re:Safeguarding Secrets 101 by Anonymous Coward · · Score: 0

    True, true.

  93. Re:hmmm by ScannerBoy · · Score: 1

    Actually it's really easy to stop. Disable autorun on the servers. Something most IT admins do anyway. This Microsoft support page tells how. http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q155217&

    --
    --Should work--
  94. Re:"With printers, attackers dont even have to ent by Anonymous Coward · · Score: 0

    Um, what exactly do you think that noise _is_?

    (Unless you're doing it deliberately, and have an active jammer generating white noise, of course, and even then the spikes produced by keyboards can usually be picked up...)

    Of course, at that point it starts to become easier to take a chance and try a pick gun on the locks, install a keylogger, and hope your cat doesn't escape before we leave. :)

  95. Re:Safeguarding Secrets 101 by ffatTony · · Score: 2

    The whole reason that money's out there to begin with is they want you to work for them, instead of the competition.

    I'm sorry, perhaps I misread the previous comments. My understanding was not that a company wanted to steal away employees as much as sabotage the competition. In the case of sabotage you most certainly would pay a large amount to never see a certain rival company's employee ever again.

  96. Re:Cant hack into a Mac OS! NEVER done once (BugTr by Anonymous Coward · · Score: 0

    It really sounds like you know what you're talking about! I'd hire you as a sysadmin/guru/god any day! Please send me a mail asap

    2> No Root user.
    That rocks, everyone can do anything. Sounds a lot more secure. Why didn't anyone else think about that!?

    4>: Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not file name extension).

    As in apache, where you can define both extension and location

    7> There are less macs, though there are huge cash prizes for cracking into a MacOS based WebStar server.

    Gee That's a good argument for starting to use more mac

    8> MacOS source not available traditionally, except within apple, similar to Microsoft source availability to its summer interns and engineers, source is rare to MacOS.

    And MS is famous for its splendid security? Let's all hide the sourcecode and we'll all be safe!