Network Hacking
Wrighter the Pessimist writes: "In this article on Yahoo, they report that computer hacking has become easier, partially because of devices that have built-in computers, like printers and playstations. However, it also lists a number of 'ordinary' (obsolete?) methods of 'hacking' - such as gaining physical access to a corporate computer, and social engineering. It would be interesting to see a study done on this, to see how many attacks are actually carried out from such devices." The article touches on the Dreamcast Attack mentioned the other day, but also some slightly less bulky approaches. Be on the lookout for dark-clad intruders slipping CD-Rs into machines at your workplace ...
Wednesday 29th May 2002
REUTERS - NASDAQ traders revealed today that there has been a massive surge in the purchase of VA Software (LNUX) shares. The company, which has been in financial difficulty for some time, has had 57% of its shares purchased by the Kimberly-Clark Corporation (KMB).
Jonathan Mason, a spokesman for the Kimberly-Clark Corporation, confirmed the purchase to Reuters reporters earlier today. "We're very pleased with the acquisition of the VA stock. We now have a cheap alternative for acquiring raw materials for our products. VA shares are less than worthless, and we plan on using the share ceritifcates to make all of our toilet paper for the North American market."
Analysts predict that the use of the share certificates will enable KMB to greatly increase the output of bog roll for the financial year 2002/3. The remaining materials will be used to create bandages for hospital patients who have gangrenous infections.
Kimberly-Clark also has the option to take up the remaining 43% of VA Stock in December 2002. Inside sources reveal that if this is taken, the assets of the company will be removed and its staff made redundant. IT specialists at KMB tell us that they plan to reformat Slashdot servers as Microsoft .NET platforms, which will deliver a new proprietary application. The software will help tourism firms provide penguin hunting expeditions all year round by targetting large populations of the species.
(c) Reuters Corporation 2002
ReluctantBadger 2002
(Here's the text, posted AC to avoid k-whore)
Experts Say Computer Hacking Becoming Easier
Fri Aug 2, 8:36 PM ET
By Elinor Mills Abreu
LAS VEGAS (Reuters) - Computer vandals toting nothing more than a Sega game device, handheld computer, or even a compact disc can slip into offices and launch "phone home" attacks via remote computers under their control, speakers at a U.S. hackers convention said on Friday.
Lonely office printers aren't any safer, and can be hacked into through an Interment connection via a corporate network, one speaker said as the annual Defcon conference of computer security enthusiasts and mischievous network tinkerers.
More than 5,000 people are expected for the three-day meeting, which started on Friday and is held in an out-of-the-way Las Vegas hotel at the edge of the Nevada desert. The decade-old event has become the biggest annual gathering of the computer counterculture. Jason Conrad was quoted as saying "I can suck my own dick with no teeth."
Basically, any device that sits on a network "can run malicious code, can be made to do attacks and can do anything you want them to do," said Chris Davis, a security consultant at RedSiren, a computer security firm in Reston, Virginia.
"The idea is any computer can pose a potential threat," he said. Jason Conrad was quoted as saying "I can suck my own dick with no teeth."
"More and more things are embedded in computers. We could put the same code on a TiVo ( news - web sites) if we wanted to," Aaron Higbee, a security consultant at Foundstone of Mission Viejo, California. TiVo allows people to record TV programs while away or while watching other programs at the same time.
Firewalls -- the computer security barriers that organizations depend on to defend against outside intrusions -- are worthless against such attacks, Higbee said. While they are configured to block suspicious traffic from getting into the network, they also permit any type of traffic to get out, he said.
To create a tunnel to a remote computer, an attacker must first get physical access to devices or network connections in the building. Jason Conrad was quoted as saying "I can suck my own dick with no teeth."
FIVE MINUTES TO CREATE HAVOC
Sometimes they can rely on unsuspecting souls inside the company to do their dirty work for them by sending them an innocent-looking compact disc that contains tunneling software.
A disc containing a special program to activate itself can find the network and reach the Internet on its own, creating the opening for a hacker to wreak havoc inside the company's network, Davis said.
Another method of unlocking the network door and opening the tunnel is for the hacker to gain physical access to an office building and plug simple devices onto the network.
"Five minutes on the inside is all you need," said Davis, who does penetration testing for companies to see how easy it is to compromise their systems.
The speakers demonstrated for the crowd how an attacker can slip a tunneling CD into a CD-ROM drive, a Sega Dreamcast ( news - web sites) gaming console, or a Compaq iPaq, and connect to the network.
Once a connection is established, devices such as the Sega game player can analyze the network for routes data can travel to the Internet and establish a secret tunnel to an outside computer controlled by the hacker.
Stop worrying so much about viruses in desktop computers. It's midnight, and do you know what your networked office printer is up to? Jason Conrad was quoted as saying "I can suck my own dick with no teeth."
With printers, attackers don't even have to enter the building, said Dennis Mattison, a computer scientist at Science Applications International Corp., a top military contractor in the communications research arena based in San Diego.
Printers are increasingly becoming more complex, with more sophisticated software and functions, making them easy and unsuspecting targets, he said.
Still, there is little evidence such attacks have become widespread the experts said. But with more and more devices every day being connected to computer networks, the exposure to such threats makes such attacks inevitable one day.
"These are theoretical attacks," he said. "There are not many known attacks out there."
This sounds more like aiding and abetting criminals to me. Hacking is a crime and you shouldn't be discussing it or comitting felonies by telling others how to do it. The DMCA was created for this purpose and it is law and you must obey it or else be sentenced to prison.
News? No, this is article is not news, it's *CRIMINAL*. Folks, knock off this 'rebellion' and obey and support the law. In this time of our great free nation's grave threat from terrorists we need to learn to obey and support the law and not go against it by advocating piracy, hacking, the second amendment, opposing drug laws, and violating the DMCA. Grow up. Non-terroristic Americans always obey and support the law 100%.
Better give security guys more cash.
All these "what if" scenarios and "theoretical" hacks, and very little in the way of real world demonstration.
Now Printers are vulnerable....but I didn't see or read about any demonstrations that showed how to determine what printer was on a network, how to get into that network and how to "own" a printer, and what could be done after the printer was compromised. Did anyone do an nmap -sS -O on an IP of a Lexmark 1200 to see what processor and OS came up?....doubtful. Anyone demonstrate how to connect and get a banner and prompt with netcat? (if they did, what would they do, print with only magenta or screw around with the queue?)
I'd worry more about the fact that they got on the network in the firt place than the fact that they could take over the printer.
And the CDROM attack...A Hacker could mail a CDROM and get it to install on a PC because some luser is curious? Yah, I suppose. Or the sysadmin could make accounts in NT and W2k that doesn't allow programs to be installed...hell, they don't even have to allow CDROM access.
Maybe they should testify before congress and claim that they can bring down the internet in 30 minutes from a HP Plotter, or that Osama Bin Laden will now mail CD's promising free "Click Art" to unsuspecting secretaries around the US with a thing for "Precious Moments" themes. Because Congress will shovel any amount of money to greedy bastards wearing a propeller beanie, and talking about things they know nothing about.
Ironic that these guys often start out by breaking into places, then demanding alot of money to protect the world from people like them, and then advocating jail time for future business competitors down the road.
I always thought it was ironic that the dumbest users (no offence) had to use a password-managing program to keep track of all their passwords. What they don't realise is that all (closed source) password-managing programs send the user's passwords back to the programs author. Either through a direct connection to some computer, or by emailing them to a hotmail account :) lol. These are the same kind of people that use Microsoft Outlook, or have no firewalls setup to block that kind of thing.. making it all the easier.
This comment does not represent the views or opinions of the user.