Posted on 04/09/2008 5:08:48 PM PDT by 2ndDivisionVet
Hackers have a lot of fancy names for the technical exploits they use to gain access to a company's networks: cross-site scripting, buffer overflows or the particularly evil-sounding SQL injection, to name a few. But Johnny Long prefers a simpler entry point for data theft: the emergency exit door.
"By law, employees have to be able to leave a building without showing credentials," Long says. "So the way out is often the easiest way in."
Case in point: Tasked with stealing data from an ultra-secure building outfitted with proximity card readers, Long opted for an old-fashioned approach. Instead of looking for vulnerabilities in the company's networks or trying to hack the card readers at the building's entrances, he and another hacker shimmied a wet washcloth on a hanger through a thin gap in one of its exits. Flopping the washcloth around, they triggered a touch-sensitive metal plate that opened the door and gave them free roam of the building. "We defeated millions of dollars of security with a piece of wire and a washcloth," Long recalls, gleefully.
In other instances, Long has joined employees on a smoke break, chatted with them casually, and then followed them into the building. Sometimes stealing data is as simple as wearing a convincing hard hat or walking onto a loading dock, before accessing an unsecured computer or photocopying a few sensitive documents and strolling out the front door.
Fortunately for his victims, the companies that Long invades are also his customers. As a penetration tester for Computer Sciences Corporation's security team, Long is paid to probe weak points in a company's information security. His job as a "white-hat" hacker is to think like the bad guys--the more evil genius he can summon up, the better.
(Excerpt) Read more at forbes.com ...
Ping.
I had to go in to work on a weekend and left my security pass at home. I slipped a sheet of paper between the doors and let it float through the air. It tripped the motion sensor, and the doors unlocked to let the “exiting employee” out.
:hacker: n. [originally, someone who makes furniture with an axe] 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating {hack value}. 4. A person who is good at programming quickly. 5. An expert at a particular program, or one who frequently does work using it or on it; as in `a UNIX hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term is {cracker}.
The term `hacker' also tends to connote membership in the global community defined by the net (see {network, the} and {Internet address}). It also implies that the person described is seen to subscribe to some version of the hacker ethic (see {hacker ethic, the}).
It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labeled {bogus}). See also {wannabee}.
If you didn’t I was gonna......:o)
Social engineering is nothing new
*I* am a REAL hacker. Always have been, that “criminal” stuff is a bunch of lies, like “militias are bad”, all made up by media
So, I bought a bag of peanut M&M's, pinned the empty bag to my shirt pocket, and got right in.
I was "social engineering" before there was a word for it. :)
Ping him anyway. It’ll make him think more people like him.
“...if you claim to be one and are not, you’ll quickly be labeled {bogus}). See also {wannabee}.”
Jnaanorr unpxref hfr ebg13 naq guvax vg’f erny rapelcgvba!
LOL.....But we really do like the guy !.....:o)
Hey get out that computer tanning booth and get over here HH !!
The security of any system is never better than its dumbest user. Stupid IT people who have their personal accounts as members of the “domain admins” group is another gift.
I see your homepage and have a security question to ask you.
Not a computer security, but more of a national security question.
Can you write me at blackhood55@gmail.com and I will write back with my question?
Thanks for considering it
This reminds me of a place I went that had an electrically locked door with RFID locks, but a motion sensor on the other side to unlock it when people on the inside needed to get out.
So how did we get in? By sliding a piece of paper through the crack between the doors, triggering the motion sensor.
“By sliding a piece of paper through the crack between the doors, triggering the motion sensor.”
That's why the motion sensor is supposed to be a few feet indoors. Makes that a lot harder.
EBG13 jbexf svar gubhtu vs lbh qba’g xabj 1337!
A friend of mine went to a meeting with a potential client to discuss computer security. The client told him that their computers were very secure, and that he’d never be able to break into their network. My friend asked if he could have the job if he left a message on the client’s computer by morning.
While the meeting was taking place, my friend’s associate was touring around the secretarial pool, and stealing post-it notes with passwords written on them.
He got the job.
I wonder how much more successful a hot babe in a tight skirt would be doing this job?
Yeah, but you're not supposed to actually tell him that!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.