The DoD also does penetration testing of its own facilities with similar results. Restricted area badges being worn in plain sight are susceptible to photography (telephoto photography of smoking areas is a favorite target) and counterfeiting. Social engineering goes a long way, and idiot users are always a weak link (passwords and usernames written on sticky notes…)

Posted at 1:46 pm on Aug 2nd, 2007 by Mike

Yeah, that’s a great idea. Try passing through a card reader with a photo of a security badge in a truely secure DOD area and see what happens. “Jacked up” doesn’t just mean being on steroids.

Posted at 2:38 pm on Aug 2nd, 2007 by Fred Thompson

of course you aren’t going to get through a card reader with a photo of a card. card readers are going to require a better hack. i am referring to “red team” penetration testing of actual dod facilities, some of which do not have additional authentication of credentials. successful penetration tests have been done on restricted areas such as aircraft maintenance facilities, flightline access, munitions areas, and working areas with siprnet access, any of which can provide access to secret, and secret-noforn material. i haven’t run across results from higher classification levels, but they aren’t going to share those reports with me. read johnny long’s sample chapter, this is real stuff, not not some oceans 11 fantasy or just wishful thinking.

Posted at 6:50 pm on Aug 2nd, 2007 by mike

Social engineering is actually the staple of the most dangerous hackers. They’re the ones who can penetrate organizations and make off with all sorts of stuff.

Heck, I think it was on slashdot a while ago (and in the news) about some girl who “attended” harvard or stanford or one of those big name schools. She lived in the dorms, had the books… oh, one thing – she wasn’t ever enrolled in the school.

Social engineering is where it’s at! (To be fair, they did use some of that on Oceans 11…)

Posted at 11:38 am on Aug 3rd, 2007 by srilyk

The TV series Mission Impossible (‘66-’73) predominant hack was looking like they knew what they were doing, van, orange cones, coveralls, a hard hat, or a coat and tie where expected, just looking professional works wonders. Show up with a metal clipboard, step ladder, an electrician’s tool belt, a spool of Cat5 and ask security where the presidents office is because you’ve got a work order here to install a new secure line… In fact many remodeling subs are often required to do their work after normal hours, so you have security holding the doors open for you as you carry in your drop cloths and paint buckets right at closing time.

Posted at 1:16 am on Aug 4th, 2007 by stevew

mike, you really don’t know what you’re talking about. Poser.

Posted at 1:39 am on Aug 4th, 2007 by Fred Thompson

social engineering ftw!

Posted at 10:06 am on Aug 5th, 2007 by strider_mt2k

Ditto on the idiot comment by Mike. He really needs to do a little more homework before he opens his mouth.

Posted at 3:02 am on Aug 6th, 2007 by M3talhead

If you are interested in no tech hacking you should check out Johnny’s new book from Syngess (Kevin Mitnick is the technical editor)

Posted at 5:13 pm on Aug 17th, 2007 by dumspterdiver