Sunday, March 11, 2007

cloak and dagger for dummies

So, since it has surfaced yet again (and pretty much daily in our society) I figured I would do a post about the IT Security field, something I've got a personal interest in.

I'm sure by now that anyone who reads tech boards, news, etc. will know about the recent Wal-Mart tech scandal where an employee was fired for intercepting text messages between a New York Times reporter and Wal-Mart employees. An even earlier reminder of this type of espionage can be found in the HP scandal a few months back; the CFO resigned and a prominent lawyer associated with HP was disgraced as a result.

Despite all of this, I constantly see technology progressing in the wrong direction. While technology becomes stronger and harder to break, the people who use it are no more educated about its perks and utility than they were five years ago.

The weak point in all of this, as any decent cracker can tell you, is the person who uses the system. It doesn't matter if you've got a router with a built-in firewall, the latest Bluetooth devices all touting SMS message encryption, or a WAP with 128-bit encryption - if the person doesn't know how to use it, they won't. Even worse, they won't know how to stop information leaks or who they should talk to.

An example of this: I work in a campus computer shop. We're often called upon to go out on campus and service machines, pick them up for repairs, etc. Usually, unless I stay within the ITS department, the people I see couldn't tell me apart from any other student (or anyone, for that matter). I wear normal clothes and carry no sort of visible identification. However, I've never had a problem going to someone on this campus and getting access to a computer from them, or even taking the hard drive out for repairs.

"So, what's the problem, Larry? You just seem nice."

The problem is that the hard drive could contain personal information for hundreds of students. If this information were to leak, it would create obvious problems. To make matters worse, even if it was traced back to wherever the drive came from, no one would know who picked up the hard drive - no one asked for my I.D.

This might not seem important to someone who doesn't go to my campus, but think about it: what if you put on a techie sort of outfit, walked into a bank with enough information to weasel a computer away from a clerk, and walked back out with about 600 account numbers? I think those people would be pissed.

Learn to use MAC filtering on your home networks, find out how to disable Bluetooth access on your phone if you don't use it, and for the love of all that's good in this world, stop leaving your SSID as "linksys" and "hpsetup."

I know technology is intimidating to people. You don't have to know the ins and outs of it to let it protect your information though.

As a final note, I highly encourage people to check out Kevin Mitnick's book entitled "The Art of Deception." It's dated somewhat, but the principles still apply.

Related:

Want to stay in denial about how easy it is to intercept information? Read here.

Think cracking a wireless network is hard? Try Aircrack and Airsnort and tell me that.

A more humorous, helpful approach to wireless security: Bluejacking.
