The Art of Deception: Re: [KLUG Members] Hacking a Hacker Legal?

Dirk H Bartley members@kalamazoolinux.org
11 Mar 2003 11:37:23 -0500

Previous message: The Art of Deception: Re: [KLUG Members] Hacking a Hacker Legal?
Next message: [KLUG Members] Meeting 2003-03-11 - Hylafax; Just the Fax
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2003-03-11 at 09:46, Adam Tauno Williams wrote:

> If the average network user is anything like my average user, network security
> is something you pay attention to because it is the professional thing to do -
> not because you can ever achieve a meaningful level of security.  Users are just
> so stupid that your competitor can call up on the phone and ask them to fax over
> the information they want; "Derrrr.... Ok."  They don't even need to lie about
> who they are,  the user won't take 2 seconds to think about if that makes sense,
> or just really doesn't care.

I think a similar little ditty comes from the book "Maximum Linux
Security".  The author discusses two network admins conversing about
security and one boasting his network is "impenetrable".  The other says
he can get in and they place a bet.  Then he gets access, not through
his firewalls or his network, but through a series of phone calls.  It
supports the above statement.  He calls in and gets a list of names from
a certain department.  Then he uses knowledge from that list to call
tech support to get a username/password.  Then .. ..  .  and of course
he wins the bet.

Dirk
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
>

Previous message: The Art of Deception: Re: [KLUG Members] Hacking a Hacker Legal?
Next message: [KLUG Members] Meeting 2003-03-11 - Hylafax; Just the Fax
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]