RE: Must see video on potential ID theft
Hah. The public is a n00b farm ripe for plunder.
Better check to make sure that ATM/gas station doesn't have a fake credit card extension that grabs your info and makes you think the machine is broken.
Better check to make sure when you go to your banking site that there isn't a man in the middle stripping the SSL connection.
Better check to make sure you're not using your NCAAbbs login somewhere else as something secure, seeing as how it is transmitted in clear text unless, like me, you have root access to the server and can SSH tunnel your traffic when you don't trust the network you're on.
Anybody on your wifi network or who is a man in the middle on your wired network can read your Facebook IMs, Facebook PMs, MySpace IMs, Skype IMs, AIM IMs, Yahoo IMs, MSN IMs, ....
How many of you use your ISP's email address? (@bellsouth, @sbcglobal, @charter, etc) Now how many of you setup your email using their default instructions? Congrats -- the same that I said about IMs above applies.
Anybody who hops on a wired network can execute a DHCP exhaustion attack, run their own rogue DHCP server, and effectively take over the entire wired network as the man in the middle in about 24 hours, without once sending ARP traffic that normally triggers red flags of suspicious activity.
You think your smartphone is secure? Uncle Sam can enable the mic, webcam, and GPS remotely without you knowing, and even with the phone turned off. You can only close their back door by pulling out the battery.
Well surely documents you print aren't traceable right? WRONG. The vast majority of high resolution printers print out barely visible yellow dot coding denoting the make, manufacturer, model, and serial number of the printer. They can literally trace the printer back to the store it was sold at, then go through their records to find you. This was originally put in place to stop counterfeiting, but if you give the government a power....
Using Windows? Redmond is watching you if you use Vista or Windows 7. The OS watches what you're doing silently in the background. If it even so much as suspects you're trying to circumvent copyright protection (particularly on HD content) it can silently report you to Remond and/or the authorities, and even permanently revoke the graphics card driver and disable your entire video subsystem.
But the weakest link of all? The one that defeats security the most often? The one that is an almost inescapable reality of a dumb*** public? The end user. Famous hacker Kevin Mitnick didn't discover some unpublished exploit through some remote protocol to hack into big companies. He simply had someone take him on a tour in that company as though he was a potential customer, and during the tour he'd put a floppy disk labeled "salaries.xls" on a random table someone. And of course a dumb and nosey employee would see it, quietly swipe it, and pop that in their computer. Owned. And even better, said employee will be inclined not to say a word about it, because they'll reveal their own guilt in doing so.
It just happens to be that the hardcore security people are very similar to locksmiths. They are open about the philosophy of the trade, but do so (usually) under a banner of ethics and professionalism. This, however, does not apply to foreign nationals engaged in cyberwarfare.
|