Long shows us the no or low tech way hackers have worked for years by exploiting the simple things. Why use cross-site scripting, DNS poisoning or SQL injection when you can gain access through the back door. And no I don't mean through a software back door. I mean through the emergency exit.
"By law, employees have to be able to leave a building without showing credentials," Long says. "So the way out is often the easiest way in."
Hired to breach a secure building with proximity card readers, Long to the old-fashioned approach. Instead of looking for vulnerabilities or trying to hack the card readers at the building's entrances, he and another hacker shimmied a wet washcloth on a hanger through a thin gap in one of its exits. Flopping the washcloth around, they triggered a touch-sensitive metal plate that opened the door and gave them free roam of the building. "We defeated millions of dollars of security with a piece of wire and a washcloth," Long recalls, gleefully.
Long, who runs the site IHackStuff.com, has recently released the book No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing
also works as a penetration tester for Computer Sciences Corporation. A company which employees and outsources "white-hat" hackers to probe weak points in a company's information security.
No comments:
Post a Comment
All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.
Thank you
Geek-News.Net