HACKING BEHIND BARS
What are some of the most secure installations you can think of,
protected against break-in, whether physical, telecommunications, or electronic
in nature? Fort Knox? Sure. The White House? Absolutely. NORAD, the North
American Air Defense installation buried deep under a mountain? Most definitely.
How about federal prisons and detention centers? They must be
about as secure as any place in the country, right?
People rarely escape, and when they do, they are normally caught in short
order. You would think that a federal facility would be invulnerable to social
engineering attacks. But you would be wrong—there is no such thing as foolproof security,
anywhere.
THE SPEEDY DOWNLOAD
Ten years after they had finished law school, Ned Racine saw his
classmates living in nice homes with front lawns, belonging to country clubs,
playing golf once or twice a week, while he was still handling penny-ante cases
for the kind of people who never had enough money to pay his bill. Jealousy can
be a nasty companion. Finally one day, Ned had had enough.
The one good client he ever had was a small but very successful
accounting firm that specialized in mergers and acquisitions. They hadn't used
Ned for long, just long enough for him to realize they were involved in deals
that, once they hit the newspapers, would affect the stock price of one or two
publicly traded companies. Penny-ante, bulletin-board stocks, but in some ways
that was even better—a small jump in price could represent a big percentage
gain on an investment. If he could only tap into their files and find out what
they were working on . . .
EASY MONEY
When I was first introduced to computers in high school, we had to
connect over a modem to one central DEC 12 minicomputer in downtown that all the high schools in L.A. shared. The operating system on that
computer was called and it was the operating system I first learned to
work with.
At that time, in 1981, DEC sponsored an annual conference for its
product users, and one year I read that the conference was going to be held in
L.A. A popular magazine for users of this operating system carried an
announcement about a Security.
THE DICTIONARY AS AN ATTACK TOOL
When someone obtains your password, he's able to invade your
system. In most circumstances, you never even know that anything bad has
happened.
A young attacker I'll call Ivan Peters had a target of retrieving
the source code for a new electronic game. He had no trouble getting into the
company's wide area network, because a hacker buddy of his had already
compromised one of the company's Web servers. After finding an unpatched
vulnerability in the Web server software, his buddy had just about fallen out
of his chair when he realized the system had been set up as a dual-homed host, which meant
he had an entry point into the internal network.
No comments:
Post a Comment