Slashdot Mirror


Stealing Data? A Sniffer Shows it's Easy

museumpeace writes "Though it's not exactly a How-To of cracking into financial institutions, a few intriguing details are mentioned in a New York Times article "the Sniffer vs the Cybercrooks" (it's worth the cookie). From the article: ""Tell me the things you most want to keep secret," Mr. Seiden challenged a top executive at the bank a few years back.....A week later, Mr. Seiden again sat in this man's office in Manhattan, in possession of both supposedly guarded secrets....""

10 of 206 comments

  1. BugMeNot by Fermatprime · Score: 4, Informative

    http://www.bugmenot.com/

    gets you past registration

    --
    I hate the one hundred and twenty character limit for signatures with an all-enveloping, all-destroying, incredible pass
    1. Re:BugMeNot by pyrrhonist · Score: 4, Informative
      or we can all use this from now on: username AnonymousCoward password password

      No, actually, you can't. The NYT routinely removes accounts that are being used by more than one IP.

      That's why you need to use the bugmenot.com site mentioned above (i.e. logins that no longer work are removed from bugmenot's database). Furthermore, bugmenot works with other sites besides the NYT.

      Also, for Firefox users, you can try the extension.

      --
      Show me on the doll where his noodly appendage touched you.
  2. protect yourself using SATAN by Anonymous Coward · Score: 1, Informative

    SATAN is a software package which can determine whether there are sniffers on your network. It finds some sniffers when the sniffer host looks up the same dns entries as other hosts.

  3. Reg Free by Anti_Climax · Score: 4, Informative

    Paste this link into google and click through for a single page version

    http://www.nytimes.com/2005/07/31/business/yourmoney/31hack.html?pagewanted=all

    no reg required

    --
    Even people that believe in pre-destiny look both ways before crossing the street.
    1. Re:Reg Free by Anonymous Coward · Score: 2, Informative

      Didn't work, but the "New York Times Link Generator" did:

      http://nytimes.blogspace.com/genlink

      The reg free url is

      http://www.nytimes.com/2005/07/31/business/yourmoney/31hack.html?ex=1280462400&en=31158975e4a4090a&ei=5090&partner=rssuserland&emc=rss

      The first page of the article was semi interesting. I didn't read the rest.

    2. Re:Reg Free by volve · Score: 3, Informative

      Actually it worked fine. All nytimes.com checks on is a referrer - if it's Google, you get in for free. So even though Google said "hey, I got nuthin!" for that URL, just click it again and voila, you're in.

      -volve

  4. Re:Uhhh... by James Youngman · Score: 2, Informative
    SATAN is a vulnerability scanner. It was actually the first Open Source vulnerability scanner out there and reputedly got the author kicked out of SGI. It had a patch to rename it SANTA,
    SATAN was by Wietse Venema and Dan Farmer. Farmer worked for SGI as "Security Czar" at one point. However, the patch you refer to was, I think, unnecessary - the name change ability was part of the distributed software.
  5. Re:It is very easy by Anonymous Coward · Score: 2, Informative

    Whilst I recognise this, as a techie I've seen plenty of weak security, and been left unattended with computer systems that handle a LOT of money.

    However my experience is that organisations where security really(!) matters, or handling very big money, you just don't get in the door unescorted.

    And in one case, by appointment only, no electro-magnetic media, no electronic devices, physical search, photographic id, and they took a photo as you enter (just for the record).

    Most of these also had serious network security policies. That meant even people with significant internal know-how couldn't easily export information (unauthorised) via the network.

    Although interestingly one, which of necessity needed a lot of networking, achieved a lot of the security by dint of the staff not talking about the "problem areas" outside of a "need to know" basis. Technically this is security by obscurity, but it worked surprisingly well. Guess, as they say, it comes down to the people.

    Curiously the only thorough check I've ever been aware of on leaving any place, was a nuclear power station, and they were only looking to make sure I hadn't accidentally been contaminated, not that I think they had many secrets, or anything "safe" to steal.

  6. Stealing? by Anonymous Coward · Score: 1, Informative

    The data remains, therefore it is not really stolen. Its privacy is merely infringed :P

    But seriously. If you're so adamant about "copyright infringement" != "theft", I think you should do the same for "data theft" and "identity theft". In all cases no physical property is taken, so it doesn't seem right to call two theft and the other something else. Oh, right. It's only "theft" when it affects "us".