Comments on: Black Hat 2007 No-Tech Hacking with Johnny Long

By: dumspterdiver

dumspterdiver — Sat, 18 Aug 2007 00:13:54 +0000

If you are interested in no tech hacking you should check out Johnny’s new book from Syngess (Kevin Mitnick is the technical editor)

By: M3talhead

M3talhead — Mon, 06 Aug 2007 10:02:04 +0000

Ditto on the idiot comment by Mike. He really needs to do a little more homework before he opens his mouth.

By: strider_mt2k

strider_mt2k — Sun, 05 Aug 2007 17:06:30 +0000

social engineering ftw!

By: Fred Thompson

Fred Thompson — Sat, 04 Aug 2007 08:39:15 +0000

mike, you really don’t know what you’re talking about. Poser.

By: stevew

stevew — Sat, 04 Aug 2007 08:16:52 +0000

The TV series Mission Impossible (‘66-’73) predominant hack was looking like they knew what they were doing, van, orange cones, coveralls, a hard hat, or a coat and tie where expected, just looking professional works wonders. Show up with a metal clipboard, step ladder, an electrician’s tool belt, a spool of Cat5 and ask security where the presidents office is because you’ve got a work order here to install a new secure line… In fact many remodeling subs are often required to do their work after normal hours, so you have security holding the doors open for you as you carry in your drop cloths and paint buckets right at closing time.

By: srilyk

srilyk — Fri, 03 Aug 2007 18:38:47 +0000

Social engineering is actually the staple of the most dangerous hackers. They’re the ones who can penetrate organizations and make off with all sorts of stuff.

Heck, I think it was on slashdot a while ago (and in the news) about some girl who “attended” harvard or stanford or one of those big name schools. She lived in the dorms, had the books… oh, one thing – she wasn’t ever enrolled in the school.

Social engineering is where it’s at! (To be fair, they did use some of that on Oceans 11…)

By: mike

mike — Fri, 03 Aug 2007 01:50:36 +0000

of course you aren’t going to get through a card reader with a photo of a card. card readers are going to require a better hack. i am referring to “red team” penetration testing of actual dod facilities, some of which do not have additional authentication of credentials. successful penetration tests have been done on restricted areas such as aircraft maintenance facilities, flightline access, munitions areas, and working areas with siprnet access, any of which can provide access to secret, and secret-noforn material. i haven’t run across results from higher classification levels, but they aren’t going to share those reports with me. read johnny long’s sample chapter, this is real stuff, not not some oceans 11 fantasy or just wishful thinking.

By: Fred Thompson

Fred Thompson — Thu, 02 Aug 2007 21:38:13 +0000

Yeah, that’s a great idea. Try passing through a card reader with a photo of a security badge in a truely secure DOD area and see what happens. “Jacked up” doesn’t just mean being on steroids.

By: Mike

Mike — Thu, 02 Aug 2007 20:46:14 +0000

The DoD also does penetration testing of its own facilities with similar results. Restricted area badges being worn in plain sight are susceptible to photography (telephoto photography of smoking areas is a favorite target) and counterfeiting. Social engineering goes a long way, and idiot users are always a weak link (passwords and usernames written on sticky notes…)