Slashdot Mirror


Network Hacking

Wrighter the Pessimist writes: "In this article on Yahoo, they report that computer hacking has become easier, partially because of devices that have built-in computers, like printers and playstations. However, it also lists a number of 'ordinary' (obsolete?) methods of 'hacking' - such as gaining physical access to a corporate computer, and social engineering. It would be interesting to see a study done on this, to see how many attacks are actually carried out from such devices." The article touches on the Dreamcast Attack mentioned the other day, but also some slightly less bulky approaches. Be on the lookout for dark-clad intruders slipping CD-Rs into machines at your workplace ...

7 of 175 comments

  1. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  2. Stealing Secrets 101 by MosesJones · · Score: 5, Insightful


    If doing this for a living rather than being a sad muppet who thinks it's "cool" (Snowboarding is cool, Skydiving is cool, hacking IIS is not cool).

    1) Buy people, rival firm has a product you need to sabotage... well hire their best brains so it turns out shit... and you get the product as well.

    2) Have a clipboard, 99% of companies and people in those companies will not query a suit with a clipboard. This gives you the ability to walk into any areas saying you are doing a "Time and motion" study for the new Quality Initiative. Or do an "assets" audit and take away servers for "verification" that aren't on the "official register".

    3) Buy the people

    4) Have someone join as a graduate, or even as a more senior person. Sure it violates their contract, but just pay them the cash.

    5) Supply the network upgrade at low low prices via a subsidiary, then ensure they can be "remotely administered as part of the outsourcing and support deal".

    6) Buy the people

    7) Walk into PC support, ask for a backup of your server from date X put onto new server Y. Or even better just get the required files burnt onto CD. Sure you have to fake the paperwork, but that isn't hard.

    All of these will be more effective than hiring script kiddies.

    WARNING: Do not try the above at a military base, unless you want to get shot, corporations will normally just have you prosecuted.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  3. Changing passwords often by Anonymous Coward · · Score: 1, Insightful

    My place of work is so secure it changes ALL the passwords almost every 3 days. And just as you would expect, 1 in every 2 or 3 workstations has every single user/pass combo on a Post-It(tm) stuck right to the monitor.

  4. Re:Obsolete? by Cyno01 · · Score: 2, Insightful

    you can't social engineer a voice mail system, to truly social engineer you have to get a live person, which is becoming harder and harder to do over the fone these days

    --
    "Sic Semper Tyrannosaurus Rex."
  5. Re:news? by Kierthos · · Score: 2, Insightful

    Personally, I'd say that if a programmer knowingly and willingly created/promulgated bugs and vulnerabilities, there should be some sort of legal response to that. If it's a bug/vulnerability that was not obvious or possible to be noticed until distribution, that should not carry anywhere near the amount of action against the programmer. (They should still fix it, mind you.)

    Likewise, someone who publishes bugs and vulnerabilities with no actual interest in seeing those fixed should be hammered as well. I mean, if it's a cracker or a script kiddie who is publishing vulnerabilities so that other crackers and script kiddies can exploit them, well, that's just as bad as not fixing the vulnerability. If it's someone publishing them with the intended purpose of having them fixed, again, different circumstances.

    Kierthos

    --
    Mr. Hu is not a ninja.
  6. Hacking? You mean vandalism? by kst · · Score: 2, Insightful

    I would expect Slashdot, of all places, to avoid misusing the word "hacking".

    Even if we were to give up the battle over the original meaning of the word (a concession I do not make), the meaning being propagated by the media seems deliberately designed to cause confusion. When the same word is used to refer to (a) exploring and/or modifying a system you own, (b) breaking or bypassing the security features of a system someone else owns, and (c) breaking into and vandalizing a system someone owns, it gives the impression that anyone who does any of these things is a criminal -- or, conversely, that anyone who vandalizes someone else's computer system is just having a little innocent fun.

    If you want to talk about someone breaking into someone else's computer system, call it what it is -- trespassing. If you want to talk about someone deliberately modifying someone else's computer system without permission, call it what it is -- vandalism.

  7. Re:news? by fr2ty · · Score: 2, Insightful

    If there are still quite a lot of people who know the difference between a hacker and a cracker, then let us not talk as if we didn't. It's crackers or malicious hackers, plain and easy.

    Some people avoid calling some contemporary music "Rhythm and Blues", because there was a different style of that name before.
    I avoid calling malicious hackers just hackers, because hacking is fun, a healthy sport for both yourself and the society you live in.

    If you think I am wrong, search the web for the Jargon File. It points to some good reading about the history of the term.