
(C|Net)   Convicted hacker allowed into IT class in prison, and teaches prison a lesson or two of his own   (news.cnet.com)
    More: Dumbass, prisons, Prison Service, unfair dismissal, Nicholas Webber

10065 clicks; posted to Geek on 04 Mar 2013 at 9:03 AM (1 year ago)



 
2013-03-04 12:54:44 PM

serial_crusher: To be fair though, the "hide your SSID" trick will keep the laziest of freeloaders at bay.

CSB time: When one of my neighbors posted on the neighborhood facebook page that they'd seen a suspicious guy wardriving the neighborhood, I got all worked up and started thinking of ways to mess with him.  Then in a moment of clarity I looked at the SSIDs in my immediate vicinity and saw "linksys".  Went ahead, connected to that, opened http://192.168.1.1 with password "admin" and took the liberty of securing things for them.
Assholes posted on the facebook page whining about having been "hacked" once the Geek Squad came in and fixed things for them.  You're welcome, ungrateful bastards.


If you secured their wireless without their knowledge, how did they know the key?
 
2013-03-04 01:15:35 PM

ongbok: serial_crusher: To be fair though, the "hide your SSID" trick will keep the laziest of freeloaders at bay.

CSB time: When one of my neighbors posted on the neighborhood facebook page that they'd seen a suspicious guy wardriving the neighborhood, I got all worked up and started thinking of ways to mess with him.  Then in a moment of clarity I looked at the SSIDs in my immediate vicinity and saw "linksys".  Went ahead, connected to that, opened http://192.168.1.1 with password "admin" and took the liberty of securing things for them.
Assholes posted on the facebook page whining about having been "hacked" once the Geek Squad came in and fixed things for them.  You're welcome, ungrateful bastards.

If you secured their wireless without their knowledge, how did they know the key?


Hence why they called the Geek Squad :p
I went ahead and left the default password on the admin page so they could connect via ethernet and take care of it.  Not sure if the "geek" bothered or just held down the "reset" button and then changed things from there.  All I know is there's no longer any routers reporting "linksys" or "ConfigureYourshiat" in my neighborhood anymore.  No suspicious wardrivers reported lately either.
 
2013-03-04 02:11:30 PM

OceanVortex: ongbok: OceanVortex: justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.

Oh oh oh!  More analogies:

-That's like claiming not wearing a name tag when meeting a new person would render you invisible to them.  No, they can see you just fine, they just don't know what you want your nickname to be (but what do they care?).

-That's like claiming not putting a dog-tag on your puppy will keep the dogcatcher from picking it up if it runs around without a leash.

-That's like saying if you leave the subject heading of an email blank, the recipient can't read the body of the message.  Yeah, this is probably the best analogy come to think of it.

Come on now. I think he gets the point.

You're right.  And again, I'm not trying to be a jerk (though it appears I'm accidentally being one).  Sorry, just had a long week explaining this exact concept to my bosses as to why it was worth the time/energy/cost of securing our network.

Anyway, justtray, I think you are a good person and a valuable human being and I hope you have a lovely day!



Don't worry, it's not me who feels foolish, but rather you for entirely missing the point and using it as an excuse to feel superior to others by sharing your advanced in-depth knowledge of cybersecurity.

You ARE useful! Don't let anyone else tell you otherwise.
 
2013-03-04 02:19:20 PM

serial_crusher: To be fair though, the "hide your SSID" trick will keep the laziest of freeloaders at bay. CSB time: When one of my neighbors posted on the neighborhood facebook page that they'd seen a suspicious guy wardriving the neighborhood, I got all worked up and started thinking of ways to mess with him.  Then in a moment of clarity I looked at the SSIDs in my immediate vicinity and saw "linksys".  Went ahead, connected to that, opened http://192.168.1.1 with password "admin" and took the liberty of securing things for them. Assholes posted on the facebook page whining about having been "hacked" once the Geek Squad came in and fixed things for them.  You're welcome, ungrateful bastards.

Looks like you got the point. Any determined hacker isn't going to be kept out via "secure wireless" that broadcasts, I presume. Again the point is relative risks.

And yeah the wireless router configs are the current ridiculously easy hack. Admin/blank or admin/admin and all the IPs for the major routers are easily available online. Geek Squad is funny.
 
2013-03-04 02:27:49 PM
I think one can file that under "WTF did you think would happen?"... It's in the Ws..
 
2013-03-04 02:54:05 PM

Nightenstaff: It looks like a hack wrote this article as well.


Or an engineer.  Certainly not an English major.
 
2013-03-04 04:18:45 PM
Trouble with the Isis mainframe?

Try "guest".
 
2013-03-04 04:43:58 PM

serial_crusher: All I know is there's no longer any routers reporting "linksys" or "ConfigureYourshiat" in my neighborhood anymore.


I was always a fan of SecureYourNetworkDipass
 
2013-03-04 04:57:25 PM
Well dumbass is right. What an easy way to extend your stay and get every possible privilege or leniency denied.
 
2013-03-04 05:02:36 PM

justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.


Unless you pretty much keep it off at all times, there most assuredly IS a signal, and realistically one doesn't have to do TOO much searching to find it (there are 14 channels for 802.11b/g/"lowband" n in the 2.4GHz band, of which only 11 are in use in the US; about thirty-odd in the 802.11a/h/j/"highband" n 5GHz band, only 21 of which are in use in the US).

There are already consumer-grade "wifi sniffers" that can find signal in 802.11b/g/"low n", even if you aren't broadcasting an SSID (which is what I suspect you meant), and rather more expensive hobbyist-grade and commercial-grade sniffers (around the price of a new PC) that can also sniff 802.11a/h/j/"high n".  More than a few of the latter can also plug into a PC, and if someone is sufficiently motivated the lack of an SSID isn't going to deter them.

That's the HARD way, of course; the EASY way is getting a 802.11n modem stick with an Atheros chipset and a copy of Backtrack Linux and letting its wifi-sniffing-and-cracking tools do the work for you.  This can be done with a cheap netbook, as an aside, for well under the price of a sniffing rig.  If I just want to see if there's a site on channel 6, don't even need that much--just the netbook.

Hell, things are now getting to the point I can essentially do this for free--many of the wifi exploit tools for Linux are starting to make their way into the Android world, including Dsploit which is a port of some of the nicer tools from Linux wifi-sniffing suites...only thing missing so far is actual WPA cracking, but there's been some impressive work on enabling promiscuous mode on a certain very common Qualcomm chipset... :D

(This is why disabling SSID isn't generally recommended anymore; most of the freely available sniffing tools don't really care, and just say "Hey, there's something interesting on channel 6, heheh, look, how cute, he's trying to hide his SSID".)

/yes, I do work with folks who wish to secure their wifi
//also likes to point out that the Correct Battery Staple Horse Theory of Password Management is one that should be encouraged
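
The point made in the comment above, that a network with SSID broadcast disabled still announces itself on the air, as an added example that is not part of the original post: a parser run over constructed 802.11 beacon frames. The frame bytes, MAC addresses and function names are made up for illustration.

```python
import struct

HDR = "<HH6s6s6sH"   # frame control, duration, DA, SA, BSSID, sequence control
FIXED = "<QHH"       # timestamp, beacon interval, capability info

def build_beacon(bssid, ssid, channel, privacy):
    """Build a minimal beacon (no radiotap header, no FCS) as constructed input."""
    header = struct.pack(HDR, 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack(FIXED, 0, 100, 0x0001 | (0x0010 if privacy else 0))
    tags = bytes([0, len(ssid)]) + ssid        # element 0: SSID
    tags += bytes([3, 1, channel])             # element 3: DS parameter set
    return header + fixed + tags

def parse_beacon(frame):
    """Return what a passive listener learns from one beacon frame."""
    fc, _dur, _da, _sa, bssid, _seq = struct.unpack_from(HDR, frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a beacon frame")
    _ts, interval, caps = struct.unpack_from(FIXED, frame, struct.calcsize(HDR))
    info = {"bssid": bssid.hex(":"), "beacon_interval": interval,
            "privacy": bool(caps & 0x0010),
            "ssid": None, "ssid_hidden": True, "channel": None}
    pos = struct.calcsize(HDR) + struct.calcsize(FIXED)
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break                              # truncated element, stop parsing
        if eid == 0 and any(body):             # empty or all-NUL SSID means hidden
            info["ssid"] = body.decode("utf-8", "replace")
            info["ssid_hidden"] = False
        elif eid == 3 and elen == 1:
            info["channel"] = body[0]
        pos += 2 + elen
    return info

# Constructed sample frames; the MAC addresses are made up (locally administered).
VISIBLE = build_beacon(bytes.fromhex("020000aabb01"), b"linksys", 6, False)
HIDDEN_EMPTY = build_beacon(bytes.fromhex("020000aabb02"), b"", 6, True)
HIDDEN_NULS = build_beacon(bytes.fromhex("020000aabb03"), b"\x00" * 7, 11, True)

if __name__ == "__main__":
    for frame in (VISIBLE, HIDDEN_EMPTY, HIDDEN_NULS):
        print(parse_beacon(frame))
```

Both hidden variants still yield the BSSID, channel and privacy flag from every beacon, so keeping people off the network has to come from WPA2 and a strong passphrase rather than from the blank name.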
 
2013-03-04 05:08:18 PM

justtray: And yeah the wireless router configs are the current ridiculously easy hack. Admin/blank or admin/admin and all the IPs for the major routers are easily available online. Geek Squad is funny.


Doubly so when at least some VERY portable exploit kits actually include the capability to automatically look up default passwords (cough cough Dsploit cough ahem). :D
 
2013-03-04 07:31:01 PM

haws83: Could they define "hacked"?  Did he just gain access to unauthorized systems or did he do some damage of some kind?  Stupid article.


This, the article seems exceptionally lacking on this particular detail.
 
2013-03-04 08:32:18 PM

serial_crusher: Happy Hours: justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.

I like the idea of error messages as SSIDs, and I never thought of that, but the only reason I can think of to broadcast an SSID is for the lulz or to make very subtle snarky comments towards your neighbors. For a brief period I used, "ShutYourYappyDogUp" and "FBISurveillanceVan#2" (yeah, real original). If you know the SSID, I'm not even sure broadcasting it makes it easier for those devices you want on your network. Am I missing something?

Another hint. 'Remember my password' questions are some of the most unsecure things possible. It is relatively easy for someone to gain access to your mother's maiden name (especially if it's YOUR middle name), the street you used to live on, the car you drive, your work's name, or even your pet's name. Instead of using a password that can be easily compromised, come up with the equivalent of a safe word. Something that you always remember to try or can be triggered tangentially based on the question. Basic example - "Insecurity," can be your codeword because you remember when you personally set up your questions, you know how insecure they are. For bonus points make it include numbers for letters to break up any random word attack.

I'll give the hackers another clue. I ALWAYS lie in response to those questions. It sometimes makes life difficult for me especially if I make them up when I've been drinking. "What's your pet's name?" "Snoopy" (of course - I'm so clever, I'm sure I'll remember that later). What street did you live on when you were born? "1313 Mockingbird Lane" (of co ...


What about needing to speak to a male or female based on a preconceived sexual name orientation.

Yes, *cough*, I mean YES!
 
2013-03-05 09:57:16 AM

xanadian: I'd like to enforce pass-phrases via GPO, but Windows has a 14-char max for length enforcement.


Even worse.  For backward compatibility with OS/2 LAN server, it's two 7-character passwords next to each other, so it's even easier to crack.
 
2013-03-05 10:46:59 AM

MyKingdomForYourHorse: You would think with the coming cyber war as nation states engage in active cyber theft and crimes we could tap a resource of talented people who could assist us in this war.

...but nope, we'd rather send them to jail




That is like suggesting we use a convicted mass shooter or serial killer as a soldier or guard, since they know all about killing.

Problem is we don't just need a hacker. We need people who understand cyber security and are willing to hack systems within our guidelines. If an untrustworthy crook took government equipment and skills gained under our watch to carry out personal business ....that would be bad.

They don't need to be talented so much as they need to accept living on a leash.
 
2013-03-05 11:19:51 AM
Isis specializes in prisoners under 25



Heh.

I remember that show.
 
Displayed 16 of 66 comments


This thread is archived, and closed to new comments.
