Slashdot Mirror


Hacks To Be Truly Paranoid About

snydeq writes: Nothing is safe, thanks to the select few hacks that push the limits of what we thought possible, InfoWorld's Roger Grimes writes in this roundup of hacks that could make even the most sane among us a little bit paranoid. "These extreme hacks rise above the unending morass of everyday, humdrum hacks because of what they target or because they employ previously unknown, unused, or advanced methods. They push the limit of what we security pros previously thought possible, opening our eyes to new threats and systemic vulnerabilities, all while earning the begrudging respect of those who fight malicious hackers."


  1. Duh by Anonymous Coward · · Score: 5, Insightful

    None of these are new.

    1. Re:Duh by Anonymous Coward · · Score: 4, Insightful

      Yeah, my grandmother knows about at least three of them from grandparent magazines. I'm past asking why this is on Slashdot...

    2. Re:Duh by garyisabusyguy · · Score: 3, Interesting

      Either the demographic of /. has changed dramatically or simply clickbait

      I have not read InfoWorld in a while, but I was kinda surprised that they would be the source of such a, *ahem*, mundane article

      --
      Wherever You Go, There You Are
  2. Card skimmers by phantomfive · · Score: 5, Interesting

    The only really worrisome one to me is the ATM card skimmers, because if you go to an unknown ATM, it's hard to know if it has a skimmer on top or not. Furthermore, it has increased dramatically over the past few years, up 300% from last year.

    I submitted an article on the topic, but it was rejected. Bottom line: be careful when using ATMs, especially at bars and in Florida. Recently New York and Philadelphia have been increasingly targeted.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Card skimmers by Mashiki · · Score: 2

      Only works if that's the case. There's some amazingly complex mockups including the entire cowl and keypad, and those asshole of no-where ones where the skimmer is built right into the machine itself. The one you're talking about? They're still around but not near as common as the other types out there.

      --
      Om, nomnomnom...
    2. Re:Card skimmers by Anonymous Coward · · Score: 2, Informative

      Brian Krebs puts up some really shocking skimmer articles every once in a while. When you think you can spot all the skimmers out there, you've already lost.

    3. Re: Card skimmers by Anonymous Coward · · Score: 2, Funny

      You shouldn't respond to your own posts trying to make it look like two people are talking. It just makes your schizophrenia that much more apparent.

    4. Re:Card skimmers by jasno · · Score: 2

      I've always wondered about skimming using nothing more than a high speed camera and a zoom lens. I'm guessing you could point a camera at a gas station card reader from 200' away and read the entire back of the card as it goes in and out.

      I look like a nutcase when I use my credit card in public for this very reason. Sadly it's easy to get a misread when you're awkwardly trying to shield both sides of the card with your hands.

      --

      http://www.masturbateforpeace.com/
    5. Re:Card skimmers by guruevi · · Score: 2

      Why is it worrisome? Your bank covers any and all malicious charges with a single call, barely any questions asked. Sure, you're out of a card for 2 days, but then you just use another one.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    6. Re:Card skimmers by DanJ_UK · · Score: 3, Informative

      Often doesn't matter, clever crooks debit £1 here and there on a continual basis, much like the little bastard in one of the corner shops next to my office. Took me about 6 months to not notice, it was only when Barclays' automated fraud system noticed and flagged it up that my card was blocked and a new one issued.

      --
      - Dan
    7. Re:Card skimmers by zopper · · Score: 2

      Or have an email/sms notice after every card transaction. My bank sends the notices immediately, and as email they are for free. Here and there I get a little scared by some unexpected payment from auto-billing (like to Spotify), but in such case, I can check the transactions using e-banking or mobile app. Though it may be that US banks are not offering such services...

  3. Nothing But FUD!!! by sizzlinkitty · · Score: 3, Insightful

    This stuff has been out there for more than two years for most of it except maybe the badusb. Go write a real news story and come back when you have something good...

  4. Harddrive Firmware by Nyder · · Score: 4, Insightful

    The only thing that scares me is that you can buy a harddrive that might have its firmware modified so they always have a backdoor into your system.

    --
    Be seeing you...
    1. Re:Harddrive Firmware by networkzombie · · Score: 2

      How would this manipulate an OS so the backdoor is available without being identified? Maybe a backdoor on a NIC with a secret port knock bypassing the OS to sniff traffic, but even that will get noticed sooner or later.

  5. I enjoyed the article ... by CaptainDork · · Score: 3, Insightful

    ... I have heard of these before, but it's good to get a run-down.

    Stuxnet is my fav. It reminds me of the "drunk walk" algorithm I entered into a TRS-80 using BASIC, back in 1978 and stuff.

    As an IT person, reading the article was like looking up symptoms for an illness: I think I have every fatal disease and hackers are crawling all over my system.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:I enjoyed the article ... by LaurenCates · · Score: 2

      Indeed. Another point: I don't get the snobbery around here.

      Yes, I know this is "news for nerds", but it shouldn't be so nerdy that the average person or aspiring nerd that shows up feels too intimidated by the articles that they won't read the articles or join in discussion.

      For a lot of us, this is old news, sure. But it's not cool to assume that everyone knows what we know.

      --
      Some people don't believe in fairies. I don't believe in The Patriarchy.
  6. Complacent CIOs & CEOs by BoRegardless · · Score: 3, Interesting

    Given the dozens and dozens of reported hacks against large orgs over the last 2 years, I can only conclude there is a large disregard for properly addressing security that starts right at the top of the C suite in big companies.

    That is at least as troubling for smaller companies, who likely have less resources to deal with security.

  7. Java, [...] most bug-filled, hackable software by geekpowa · · Score: 4, Interesting

    A light-weight article, typified by this:

    Java, one of the most bug-filled, hackable software products the world

    Indeed criticism should be leveled at Java for trying to retain one of its original design intents of being a web safe sandbox while at the same time trying to be a golden hammer in pretty much every other problem/solution domain, server backend, rich client, embedded device etc., meaning the platform got so huge and unwieldy it was too difficult to keep it secure, if nothing else because of its sheer weight. But to call it the most hackable software product is just stupid and ignorant. Does the author understand the basic concept of memory management exploits? Buffer overrun exploits are virtually non-existent in Java, caused only by rare defects in the JVM itself.

    1. Re:Java, [...] most bug-filled, hackable software by Anonymous Coward · · Score: 4, Insightful

      Yes you're right. That honour goes to Adobe Flash.

    2. Re:Java, [...] most bug-filled, hackable software by lgw · · Score: 2

      caused only by rare defects in the JVM itself.

      Except for the "rare" part, sure. And every monthly Java exploit puts every machine running Java out there at risk (I'm assured by Sun there are over a billion such machines, much like McDonalds hamburgers).

      You can write secure C code - difficult, but possible. You cannot write secure Java code, as there's nothing you can do about your regularly scheduled JVM flaw.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    3. Re:Java, [...] most bug-filled, hackable software by KermodeBear · · Score: 2

      It wouldn't be a good, scary InfoWorld article without sensationalist bullcrap.

      --
      Love sees no species.
  8. Extreme hack No. 1: ATM hacking by nickweller · · Score: 4, Interesting

    "Most automated teller machines (ATMs) contain a computer that runs a popular OS, so it should come as no shock that they can be hacked. For the most part, this means Microsoft Windows"

    Nothing to disagree with so far ..

    "ATM OSes often include an implementation of Java, one of the most bug-filled, hackable software products the world has ever known"

    Only when run on top of Microsoft Windows. Sun Microsoft Systems were under the delusion that they owned Java. Originally designed to be a write-once-run-anywhere technology. At least before Microsoft innovated a Java Language Council (excluding Sun), took control of Java (JFC) and licensed it back to Sun (AFC) :) ref

    Years later Oracle acquired Sun's interest in Java and sued Google for including Java API calls in Android. Curiously enough Microsoft is 'licensing' patented Android technology to the handset manufacturers and Oracle isn't going after Microsoft.

  9. ANY Firmware by Burz · · Score: 3, Interesting

    Check this incident out. Naturally, Qubes could not protect him because his laptop did not have an IOMMU. But the real interesting thing to me is where/when this implant was actually put in his system (he says he bought it new, in person, and the symptoms appeared sometime after a period of normal behavior).

  10. I worry about 'Life Hacks' rotting our brains by TheRealHocusLocus · · Score: 4, Insightful

    How many friggin' ways are there to hang shoes in your closet? You'd think that just piling your shoes on the floor has been holding us back all these years, and we're just beginning to get a handle on this shoe storage thing. Buy expensive plastic drawers, make things out of moldy cardboard, hang 'em and wrap 'em like flies in a spiderweb, on doors, above your bed. Make labels. How about an entire room full of wax people in various positions to wear our shoes for us? To select a pair just tip over the wax person and take their shoes off. Simple.

    There is always some 'Target Number'. No one ever has a bright idea any more, they must save them up until there is a round or round-plus-one number. Only a brain dead doofus would click into '100 uses for a dead cat' when another article promises 101 uses.

    Zero-Day Life Hacks are the worst. Mixed in with the rest, at a glance you can tell that they were made up on the spot to help the author achieve the target number, and are not worth the time spent reading them. And there is no way to unread them, no delivered punishment for this crime. The last time someone felt guilty about wasting another person's precious time was back in 1959.

    Life hacks don't just present these tips, they go on about them. You can't just be told to slide a friggin' block of wood along the floor to help set molding at the proper height. There has to be a Using A Block Of Wood Smartly video, and there's always a FAQ with dumb questions like, when I slide it into a corner, what then? (start over in another room, maybe it will work there) and What if the wood falls over? (find another piece). Even the most ludicrous and contrived aspects of something generates lengthy discussion, as if we have carved out a Corner of the Universe devoted solely to wood block molding sliding. The comments slide off into oblivion and disappear like they do everywhere else, the Internet is now like a continuous roll of one-sided toilet paper.

    The people surfing these 'Hacks' are really asking themselves, I have these opposable thumbs connected to a brain. What are they for? Well one thing you could do is spend every spare moment of your life in a voyeuristic journey paging through Life Hacks. As the senses dull and the little voice in our head that says, "Now THAT's clever" becomes over-used, our desperate brains are spurting little endorphin rushes that represent the Eureka! moment, and for a split second we pretend to be filing away every Life Hack like some modern day Sherlock Holmes, to regurgitate it some day at the precise moment when it will attract that mate, save that marriage, save your life and impress everybody.

    The truth is that you are forgetting them as fast as you are absorbing them and your own brain is becoming that one-sided continuous roll of toilet paper. It's a scam and you are both scammer and scamee. When you go to bed tonight, try to remember all the valuable tips you've learned. Then in the morning. In the place of hands-on basic 'aboriginal skills' of problem solving with the use of fingernails, using levers, found objects and baling wire, things upon things --- we're just merely glancing at things.

    You know those night-time satellite photos that show cities, highways and towns as shimmering webs of light? Well in terms of average depth of human concentration... those lights are winking out. Celebrities who've had their asses reamed by hateful people on Twitter and delete their accounts (whoosh!) to go back to old-fashioned interviews and press conferences teach us an important lesson about modern culture and long term mental health... which I will not share. This is no 'Life Hack' tip here... figure it out yourself.

    Life Hacks also eat up idle quiet time, in which the mind fits things together in silly ways that are uniquely your own. We must use the Internet -- to find the slow tides of thought, laughter and fable we wish to use to construct our worlds, and spend equal time out in the most desperate emotional wildernesses of our time, to tame them to our liking. Not passively surf 'Life Hacks'.

    --
    <blink>down the rabbit hole</blink>