Slashdot Mirror
Network Hacking
Wrighter the Pessimist writes: "In this article on Yahoo, they report that computer hacking has become easier, partially because of devices that have built-in computers, like printers and playstations. However, it also lists a number of 'ordinary' (obsolete?) methods of 'hacking' - such as gaining physical access to a corporate computer, and social engineering. It would be interesting to see a study done on this, to see how many attacks are actually carried out from such devices." The article touches on the Dreamcast Attack mentioned the other day, but also some slightly less bulky approaches. Be on the lookout for dark-clad intruders slipping CD-Rs into machines at your workplace ...
At first I took the notion with apprehension. But then I recalled, there was a time when we told people "You can't get a virus in a document file", "You can't get a virus from your email message" But even back in the day, you could cause extensive damage to your dos machine just by typing a text file with malicious ansi codes. Microsoft and others who have opted for the "feature rich" approach to dynamic documents have created more security problems than convienences.
Postscript is a pretty powerful programming language, and most printers today have it embedded. While I don't think it has TCP/IP capability yet, it wouldn't surprise me if someone doesn't find a stupid reason to implement at feature into the printer language, or even something that allows more low level control of the printer hardware could be used to gain access to the network. Remember people, it doesn't have to be easy. Virus/Trojan writers pride themselves on invading the bold new frontier. Don't get complacent.
As more appliances get network connectivity and more flexible embedded processors and operating systems, they'll all be subject to the same concerns. I'm already addressing some of these issues with my simple home automation projects. The computer I use to control things is isolated from the rest of the network other than the single open port for commands. Despite the security I might have implemented on my network, I can't assume that the network is always safe. And while right now I only have lamps and sprinklers on this system, when more complex (and potentially dangerous) appliances get added, a comprised system becomes a serious liability.
-Restil
Play with my webcams and lights here
There's another related article on Yahoo! that mentions that it's okay to hack back.
Things you think are in the Constitution, but are not.
Why even bother with physical access? The number of people here at work who screw their machines up due to email viruses received through checking their Hotmail, Yahoo and AOL webmail accounts at work is frightening.
Those viruses and trojans slip neatly by all the elaborate MS Exchance server based virus scanners we have.
And since this is a non-technology sector corporation, they try to cut costs where ever they can, which means McAffee virus scan on the local computers, which has caused so many conflicts between the latest virus definitions and programs like Microsoft Word that most end users tend to turn automatic virus checking off without permission.
In the end, social engineering will never be "obsolete".
2) Have a clipboard, 99% of companies and people in those companies will not query a suit with a clipboard. This gives you the ability to walk into any areas saying you are doing a "Time and motion" study for the new Quality Iniative. Or do an "assets" audit and take away servers for "verification" that aren't on the "official register".
At my local Walmart, the store's network backbone is located 20 feet from the door leading to the backstock room. There are no obtrusions (except for the occasional six-wheelers with merchandise), and the door's always open. Three-quarters of the time, there's no one in the room, and even if there is, it's typically a low-end manager (the high-end managers like to stick with their own offices) who don't know about how computers work. There's only a "regional" administrator...Walmart feels it's more efficient to let the machines work on their own and pay someone only when the machines don't work.
All you need to do is look young, wear kahki's and a polo shirt, and carry your "geek-bag-o-goodies", and no one will question you being there. As long as you look like you know what you're doing, no one will think otherwise. In fact, there was even one time where I walked in there completely unanounced just to use the telephone (I work for a vendor, not for Walmart). A manager saw me as he walked on by outside the room, and had no problems with me being in that room.
Now, realize that the computer network at Walmart controls everything...the lights, heating, TV / Radio / Announcement systems, the ATM network, evertything. Every Walmart has a satellite hookup to the mainframe (no idea where that is).
My point is that people are way to afraid that someone's going to get them by hacking into the computer, while no one's worried at all about someone walking in and getting them from the inside. There are some wide-open doors when it comes to internal network security (or lack-thereof), and it doesn't take a Hollywood actor to pull off a slip into the server room of almost any company.
Till this day, I have users who call and are handing over their username and password without me saying anything more than "Hello!".
There are users I call who hand over the same information without any thought. Most of the time, I am there busy telling users to please not give me that information. The comparison of the username/password being like an ATM card and pin just doesn't work.
Our abuse department (yes we have one) has a two strikes and you're out policy. That is to say, if anything happens from your account the first time, you are given a warning and forced to read the entire IT policy. The second time, you account is deactivated in effect terminating your employment/affiliation with the university. You pretty much need your account for everything.
This issue has been spoken about for years and things rarely improve, but I still believe educating users is the best way to eventually solve the problems here.
I am Lord Snowbeam. Heed my call!
http://www.pugo.org:8080/
As it points out, you can't listen on any port you want, because PostSCript lacks the ability to open sockets, post listens, or accept connections.
On the other hand, a few modifications, and it can listen on the LPR port of an HP network printer (all it has to do is intecept new connections, not listen or accept by itself).
-- Terry