The Art Of Deception by Kevin Mitnick

Author: Kevin Mitnick
Language: eng
Format: mobi
Published: 2011-07-01T01:13:47+00:00


I did a directory listing to find out what files were on the computer, looking for the LocK-11 program and associated files and stumbled on something I found shocking: a directory that should not have been on this machine. The developers had been so overconfident, so certain their software was invincible, that they hadn't bothered to remove the source code of their new product. Moving to the adjacent hard-copy terminal, I started printing out portions of the source code onto the continuous sheets of the green-striped computer paper used in those days.

Vinny had only just barely finished picking the lock closed and rejoined me when the guys returned from lunch. They found me sitting at the computer pounding the keys while the printer continued to churn away. "What'cha doing, Kevin?" one of them asked.

"Oh, just printing out your source code," I said. They assumed I was joking, of course. Until they looked at the printer and saw that it really was the jealously guarded source code for their product.

They didn't believe it was possible that I was logged in as a privileged user.

"Type a Control-T," one of the developers commanded. I did. The display that appeared on the screen confirmed my claim. The guy smacked his forehead, as Vinny said, "Three hundred dollars, please."

MITNICK MESSAGE

Here's another example of smart people underestimating the enemy. How about you--are you so certain about your company's security safeguards that you would bet $300 against an attacker breaking in? Sometimes the way around a technological security device is not the one you expect.

They paid up. Vinny and I walked around the tradeshow floor for the rest of the day with the hundred-dollar bills stuck into our conference badges. Everyone who saw the bills knew what they represented.

Of course, Vinny and I hadn't defeated their software, and if the developer team had thought to set better rules for the contest, or had used a really secure lock, or had watched their equipment more carefully, they wouldn't have suffered the humiliation of that day--humiliation at the hands of a pair of teenagers.

I found out later that the developer team had to stop by a bank to get some cash: those hundred-dollar bills represented all the spending money they had brought with them.

THE DICTIONARY AS AN ATTACK TOOL

When someone obtains your password, he's able to invade your system. In most circumstances, you never even know that anything bad has happened.

A young attacker I'll call Ivan Peters had a target of retrieving the source code for a new electronic game. He had no trouble getting into the company's wide area network, because a hacker buddy of his had already compromised one of the company's Web servers. After finding an un-patched vulnerability in the Web server software, his buddy had just about fallen out of his chair when he realized the system had been set up as a dual-homed host, which meant he had an entry point into the internal network.

But once Ivan was connected, he then faced a challenge that was like being inside the Louvre and hoping to find the Mona Lisa.


