Flutterby™! : Monkey See, Monkey Plug


Monkey See, Monkey Plug

2006-07-25 20:16:09.321288+00 by petronius 3 comments

The world is terrified of hackers, strange, nerdy men with arcane talents to violate the most secure system through eldritch knowledge of computer systems. Unfortunately, the biggest threat is still social engineering, where a smooth talker gets somebody to betray their system for you. At DarkReading.com, a security consultant breaks into a system by "open stealth". He copies a Trojan program onto a bunch of giveaway USB thumbdrives he finds around the office, then leaves them lying around the parking lot of the target facility. People find them when they arrive for work, pick them up, and plug them into their desktop as soon as they boot up. And the passwords come rolling in. As more idiotproof systems are designed, bigger idiots are being evolved to subvert them.

[ related topics: virus Software Engineering security Work, productivity and environment Television ]

comments in ascending chronological order (reverse):

#Comment Re: made: 2006-07-25 20:38:46.526599+00 by: ebradway

I can't seem to find the page anymore, but I once read about a script you could load on your iPod, take it to some coffee shop, and ask an unsuspecting user if you can charge off their USB port (dude... my iPod's dead and I'm jonesin for tunes, can I plug in a charge for a sec?). The script runs on connection and copies the password files off the host machine to the iPod.

But by far the greatest problem is the script kiddies and idiots who don't lock down their boxes so they fall prey to script kiddies...

#Comment Re: made: 2006-07-25 21:38:11.746796+00 by: Dan Lyke

I understand the motivation behind "autorun", but that's a flat out system design flaw. I refuse to lay that one on the users, as users who can't distinguish between applications ("What were you editing the file with?" "Microsoft") can hardly be expected to think that plugging removable media into the computer automatically executes code.

Heck, long before we had execution risks because of network connections we had viruses spread on boot sectors of floppies.

#Comment Re: made: 2006-07-25 21:51:41.159336+00 by: petronius

I've heard of devices that use infra-red links to share data, like exchanging business cards. Yet another way to get access to a system.

Last week's InfoWorld also has a bit about somebody bringing a non-secured laptop into the office and jacking into the system. Unfortunately, the wi-fi card is still on, broadcasting an open network called "Apartment". So anybody in the street can join his little network and bridge into the corporate network.

Maybe some disasters like the missing credit data of thousands of vets and the like are necessary to drill discipline into everybody's heads. How many people still neglect to lock their cars? Some, but not many.