Slashdot Mirror
Penetration Testing TV Series Coming
ChazeFroy writes "CourtTV (TruTV) has a new series starting Dec. 25 at 11 pm called 'Tiger Team.' It follows a group of elite penetration testers hired to test organizations' security using social engineering, wired/wireless penetration testing, and physically defeating security mechanisms (lock picking, dumpster diving, going through air vents/windows). They do all of this while avoiding the organizations' various security defenses as well as law enforcement. The stars of the show also did a radio spot this morning in Denver." Wonder how they socially engineer away the presence of a camera team in the air vents.
...some sort of interactive pr0n... I don't want to see the set-top box.
It's kind of off topic, but why does "dumpster diving" make me laugh every time I hear it? Like it's a sport to go rummaging through the trash... LOL
Funny, when I did that they called it B&E - sigh.
It must have been something you assimilated. . . .
Opening montage of the show is on Youtube: http://www.youtube.com/watch?v=4Be-ZzcXVLw
COPS meets Tiger Team. I see a great need.
Good, inexpensive web hosting
I thought it was a reality TV show about life in a condom factory.
On Court TV? I thought that kind of show only aired on Cinemax after midnight.
Kudos to the first group to penetrate the series' offices and make off with their tapes.
In Soviet Russia, Elites Penetrate You!
So.. I guess shows over when they get caught?
"They would have a field day with the title alone"
Yeah! Like you guys are straight laced or something.
Besides Mission Impossible did penetration testing better. Although the guys at Trojan condom might be number two.
I was going to write something witty and mildly suggestive. like "hey, so THOSE are the guys that inspect all those condoms that say things like inspected by No.4. I could be that number 4! Look out ladies." (Score:3, Funny)
...But THEN I realized once again that this is Slashdot, and that this story contains computers and myriad potential for dick jokes! (Score:5, Super Awesomeness OMG)
...something something computer security!
Then I realized that this is Slashdot, and most of us couldn't get laid if it was our jobs. (badum pum. ah-thankyou) Score:2, Funny or Score:2, Insightful.
So uh.... I could totally be that Number 4 inspector!
????
Profit!!
I got a fever...and the only cure is more cowbell!
Set top boxes that give you feedback on the presence of any loose male cables dangling from their backsides through a series of audio tones.
Sources familiar with the development of the units indicate that the cable integrity is calculated through an internal "fulfillness meter" each box has that is dynamically calibrated to the thrusting force of initial cable insertion by the owner.
The audio tones are said to become louder as the internal weight of the portion of cable inserted decreases on a linear scale.
New owners feel the new design could be a boon to children, who lacking a cohesive concept of proper cable pairment, had difficulty before in detecting the causes of abnormal video problems with the units.
"I'm sick of all this sex on the tellyvision--I MEAN, I keep falling off!"
- Mrs. Nesbit
Don't make Americans even more freaked out. Everyone's already worried about 'security'. Don't make them think that us average dumpster divers and hackers are bad people.
Tibbon
tibbon.com
It's been like 5 years.
No, I'd like to see "I'm A CEO - Get Me Out Of Here".
Steve Ballmer, a stack of chairs, and Larry Page. Oh, and a couple of bottles of tequila. And handguns.
Darl McBride, twelve inches of hosepipe and a bottle of fireants - lube will be optional.
Who else wants to see Mark Burnett or Jon de Mol pick this up and run with it?
Similar concept, but with houses and physical security only.
Sneakers with Robert Redford?
It better be hard or it won't be interesting.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
From the looks of the trailer/montage, it looks like these are people who are paid by the site owners to test the security systems; the tech security equivalent of "secret shoppers".
Not very surprising, but what does surprise me is that the site owners are letting CourtTV broadcast to the world that their facilities are insecure.
- RG>
Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
I'm sure the elite group won't be a bunch of skr1p7 k1dd13z. Nyuh-uh.
Probably auditioned the Geek Squad.
Nah, this won't be laughably pathetic at all!
I don't think they used the word penetration enough in the summary. Hell, with the slashdot crowd, you only need to say it once and you'll get 100% attention.
"...(lock picking, dumpster diving, going through air vents/windows)..."
Aha! Out of that list, looks like "going through...Windows" will be the fastest, easiest way to breach security.
If you say so...
will be the followup outtakes special.
when they called this red cell, marcinko was kicking butt, and it wasnt compromising fax machines, but military bases.
:)
seal team ftw
There's nothing Intelligent about Intelligent Design.
If it's on TV then you know it will be staged and chock full of pseudo-science dumbed down for the unwashed hordes (like Ghost hunters only with even worse acting and cheesy special effects).
acronym for "Too many secrets" remember?
Judging from other reality formats, this may not be too realistic. Show value over accuracy!
Also there are numerous legal issues. For example, instructing people publicly to do this may be illegal in the first place and open you up to liability of somebody uses the methods shown to commit a crime. Also, companies will not agree to have their vulnerabilities shown in public.
I therefore predict that this will only show well-known attack techniques against very common vulnerabilities, but nothing of real informational value.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
...without the appropriate movie reference!
What if I do the same thing, and I do get different results?
Ok, airvents yes, but social engineering would probably benefit from these cameras. A secretary might not stop a guy in an IT suit walking out with a computer, but you think he/she'd be more likely to stop a guy carrying out a computer while he's talking to a 3 man camera team with boom microphones etc. "Hey, where are you going with that computer?" "Oh, I'm John from tech co, is having me lead this team from around about IT in the modern world." (turns to camera) "One thing paramount to security is patching your systems, this machine here has been exhibiting bizzare behavior on the network, most likely due to spyware and that is why it has been removed from the network to undergo analysis in the IT lab." Really, I think the hardest part would be getting the crew to go along with whatever quick responses you give to anyone who really questions you. It only takes 1 guy that acts a bit suspicious and unsure to ruin the whole thing.
If you are about to mod me down, keep in mind that this post was most likely sarcastic.
That was supposed to be: "Oh, I'm John from tech co, <boss's name> is having me lead this team from <media company> around about IT in the modern world."
If you are about to mod me down, keep in mind that this post was most likely sarcastic.
I am guessing this is something like "It Takes a Thief" on the Discovery Channel
Setec Astronomy is the acronym for "Too Many Secrets" in the movie Sneakers.
This is one of those things where just because you *can*, doesn't mean you *should*. And putting it on TV with a CYA boilerplate of "don't try this at home kids", is an astoundingly stupid idea.
It actually kind of reminds me of a segment in Weird Al's movie "UHF".... "Today boys and girls, we're going to learn to make PLOO-TOE-NEE-UM. Out of common, household items."
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
Porn's finally going main stream?
No, I didn't RTFM nor the summary.
EvilCON - Made Famous by
In case anyone happens to read this, this is my first post (longtime reader, first time caller). To the business at hand. I think all publicity is good publicity, so anything that gets the public more aware and involved with corporate security and responsibility is a good thing. It seems every two to four months there is a huge data leak, and I'm not looking forward to identity theft and the like. As far as making a good tv show goes, lets just hope this show wont have a camera crew following some "it team" around making it painfully obvious that its actors and hollywood. Also, I hope they can make good use of tiny/hidden cameras and keep them steady enough to make this show watchable, as I definitely want more tech shows to watch.
I am crawling deep into this cave - we don't know what is in there but it could be very dangerous... Followed by a head shot of the lead guy crawling toward the camera into the great danger just beyond in the cave.
This show is so obviously faked, or it would be completely boring for the average person to watch. Who wants to watch someone forging credentials and walking around with a clipboard. No way they could do their job with a full camera crew behind them (Well, they could do it once... make fake credentials that they are CNBC camera crew to do an interview with the CEO)
I have mod points and I am not afraid to use them
Obviously, it's important for companies to become more aware of security. On the other hand, it will also provide lots of training material for criminals. I remember reading that some of the crime-detective shows have taught the criminals how they were getting caught, and criminals have started taking the exact precautions needed to avoid getting caught. (For example, using bleach to destroy their own DNA evidence, or putting a bunch of random cigarette butts in the ashtray of a car they had stolen - to create a bunch of false and confusing DNA traces.) The end result is that criminals have become a lot more savy. [sarcasm]But - you know - our entertainment and TV' companies profits outweigh any potential problems these TV programs cause.[/sarcasm]
You can be the Number 4 Inspector, just so long as I don't have to be the Number 2 Inspector. Because, well.. ew.
Carley Fiorina and Pattie Dunne do The Simple Life, sponsored by HP.
(Geeks + tech info + "penetration") = chaos.
Be more careful, Slashdot.
Property is theft.
Victim:'Oh, no all my accounts have been cleared, I've got no money, and someone hijacked my facebook profile, and used it to announce my pedophilia problem....and someone installed cameras in my appartment'
Ashoton Kutcher:'Smile, you're on Penetration Testing'
Victim:'??!!' nervous smile 'can I get my money and reputation back?'
Ashton Kutcher:'errr...no..we're keeping your money, and you're pedophile anyway, we just browsed through your disk'
Victim aka the pedophile:*sweating* 'hehehe'
Ashoton Kutcher:'Smile, you're on Penetration Testing'
Property is theft.
I could see Darl in that, but I doubt Steve will come. Remember, that kind of show is usually reserved for ex-stars. So we'd have to use ex-CEOs.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So from the radio interview, they explain one of their breakins into an expensive car dealership. The weak point is as usual the employees who let them video tape the place and let one of them into the data center just because he managed to get (through dumpster diving) the business card of their support company.
+4, Insightful !?
;-)
Ok, it might have changed but that is what it said just now when I read it. That is funnier than the comment!
Take it easy, it is just a show but there is a real life also. Penetration testing wasn't new even when I hit it in an insurance company(70's). We did it and when we did need professionals hired people from an UK company for that, they were good, very good. They were impressed of our computer / systems security but much less of our physical security (heh, I was responsible of systems security). I still remember our CEO really blowing up when the penetration team presented him a couple of very sensitive business documents they had found, some big changes after that. Our own work was mostly catching insurance cheaters and also some insiders who did use our resources, let's say, not a proper way. It meant installing all kinds of loggers, keyboard / display loggers are nothing new, on their workstations, sitting there in nights watching them to access foreign accounts, normally allowed but.. So it happens.
Hope this goes better than when the Mythbusters tried it...they may have tested it under the cover of film myths but boy did climbing an air duct NOT work. :D
Like any "reality show", they show at best a recreation of actual events.
Assorted stuff I do sometimes: Lemuria.org
Tigers helps you penetrate
.. which TV station they were breaking into when they got busted and claimed that the whole thing was just a pilot for a new show. I think only the people at Fox would fall for that.... /is prepared to be modded down considerably for that //promise I'm not trolling...
I have already seen shows where people are hired to brak into houses and buildings and then 'steal' things. The people get a new burglarproof house, which is then also tested.
Probably this will follow the same format, but include other techniques as well.
What people do not realize is that with the world of spam, people hardly ever target one premisis and then see what the best opportunity is, but rather look for the best opportunity and then see to what premesis it is connected.
Don't fight for your country, if your country does not fight for you.
Tag should be "setec astronomy", not "ctec astronomy"
Why doesn't the gene pool have a life guard?
Testing their own security.
I have excellent Karma and I am not afraid to Troll it.
they just air clips of The Broken hosted by Ramzi. He will hack your Bonzi Buddy bitchez!
EGOTIST, n. A person of low taste, more interested in himself than in me.
GameboyRMH attacks Erpo!
*insert sword-swinging and spell-casting here*
GameboyRMH wins!
Erpo dropped:
- 2500 random monetary units
- Strength +3 bracelet
Moderation:
- GameboyRMH: +5, Pwnage!
- Erpo: +2, Good Fight
"When information is power, privacy is freedom" - Jah-Wren Ryel
I could see this being hilarious if they took a croc hunter viewpoint on the whole issue:
Speaking to receptionist: "Hi there, my name's Jerry - I'm here from corporate regarding today's IT auditing."
Turns and speaks to camera: "Now this here is a basic entry level receptionist, an easy barrier for our penetration testing. If they don't just give us the run of the place, we'll at least break in to the next level of security. We have to be careful to be friendly so as to not tip them off."
Looks at receptionist: (who's calling security): "Crikey, this is a lively one!"
Taunts receptionist with a stick: "Whoa there little fella!"
I see a lot of posts about camera crews, but why do you need one? A whole miniature camera setup can fit into a set of thick-framed glasses (These are used often on MTV's Boiling Points) or into what looks like a pen in your shirt pocket. The quality is poor but it gets the job done.
That said, I'm absolutely dreading this show. It's going to be a total joke, complete with cheap and cheesy "spy music" in the background.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Misery loves company. Online misery loves unsuspecting random strangers.
...from penetration testing against the pure technology stuff.
Quite often the IT security guys have the technology side of things really damn secure, but they are powerless to do anything about social engineering issues since they are denied any real authority over the users/employees who are bozos highly susceptible to social engineering hacks. Still the IT security guys get the blame when social engineering tactics cause a breach via a doofus end-user while at the same time the IT guys are forbidden to have any policy control over the end-user's behaviour on the job. That's the way it works at my place of employment.
Maybe Steve knows something we don't and will want to get ahead of the curve?
There are going to be little squads of script kiddie and less teenagers copycatting this garbage all over the place. Lots of people who know a little IT but don't know security at all talking the talk they see on TV making it hard to get a job with real skills. And for those of you who for some reason keep crying about camera crews.. I'm sure they'll have small cameras, hidden cameras, and security cameras to take footage from, followed by sit down scenes where they talk to the camera like in so many reality shows.
Guess we can look forward to seeing "cool" CSI (tv) like GUIs on even the simplest things ... "want to perform penetration - yes - no"
Wonder how they socially engineer away the presence of a camera team in the air vents.
"We're filming here."
Shop as usual. And avoid panic buying.
You said "penetration" and "coming".
I'd like to see "Ped Eye For The Preteen Girl". ;)
Well, I guess they can take her off the TODO list.
I get the feeling this show is going to be all social engineering and burglary and is going to have very little real computer security going on.
reading about penetration testing was really enlightening for me. I hope this show opens my eyes up to ways that I can become a professional penetration tester so that I can retire my wet suit and snorkel and move-on from being a professional muff diver.
ôó
I'm pretty sure I know how this team penetrates an organization's security. They just hire "Dog" the (alleged) bounty hunter to come to the town where the organization has its plant/HQ. While "Dog" is busy doing his "bull-in-a-china-shop" act, attracting the attention of every gendarme and wanted-felon in town, it's easy for the team to make their penetration into the plant!
Burst my bubble? This is slashdot. If nothing else, it's good for useless pedantry.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
My first post on slashdot. I've seen most of the car dealership show (I have a working relationship with the "hackers"). It is fun to watch and does reflect these guys do on a weekly basis (pen testing, risk assesments, Sarbanes Oxley Complinace, vulnerability testing, physical security, etc.) They do use head mounted cameras for most of the footage. The people on the show have been keynote speakers at Black Hat, Hackerfest, etc. Whether show will be good/entertaining/realistic remains to be seen, but the people on the show are definitley not actors