advertisement
Forums

The Forum is sponsored by 
 

AAPL stock: Click Here

You are currently viewing the Tips and Deals forum
so how exactly do you hack a corporation?
Posted by: space-time
Date: December 23, 2014 07:14PM
they stole 100 TB of data from Sony. that must have takes weeks.

I just logged in to my bank after clearing some cookies, bank did not recognized the computer and sent me a safe pass to my cell phone. I had to wait for text message to arrive (it took just a few seconds) and then I entered the safe pass, then the password.

A few days ago I logged in into ADP (payroll and attendance for my team) and again I logged in from a new computer, not only it sent me a security code to my email, I also had to answer 3 security questions and only then it would let me log in.

In other words, if you do it right, the log on protocol can be almost fool proof. I would imagine in case of Sony that they had some top notch log in protocols (but maybe they didn't). A friend who works in artificial intelligence research has a little gizmo that gives him a security code which changes every 30 seconds. anyway, you get the idea, some servers have good log in protocols.

but if GOP were able to hack Sony, I would imagine they didn't log in via the standard protocol, they must have found a way to get in through a different way. it is almost like you;re building a fence, installing an excellent gate, but then leaving holes under the fence or not even finishing the fence in the back of the house, so that's how thieves get in. what is the point of these security measures if they leave some many holes unplugged?

/rant off.
Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: Filliam H. Muffman
Date: December 23, 2014 07:29PM
One of the easiest is drop a cool looking flash drive/phone/tablet near the executive assistant parking spaces. Infected drive installs keylogger/back door/Trojan/etc. if they don't have a truly rigorous suite of software installed.



In tha 360. MRF User Map
Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: Racer X
Date: December 23, 2014 07:34PM
Quote
Filliam H. Muffman
One of the easiest is drop a cool looking flash drive/phone/tablet near the executive assistant parking spaces. Infected drive installs keylogger/back door/Trojan/etc. if they don't have a truly rigorous suite of software installed.

At work, only work provided flash drives are allowed, and not permitted off the property. Devices not registered with IT will be destroyed if found logged in, or plugged in to the network.



Edited 1 time(s). Last edit at 12/23/2014 07:35PM by Racer X.
Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: Onamuji
Date: December 23, 2014 07:41PM
[en.wikipedia.org]



Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: Mike Johnson
Date: December 23, 2014 07:46PM
This is a great account of what has happened: [www.reddit.com]
Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: Filliam H. Muffman
Date: December 23, 2014 08:05PM
Quote
Mike Johnson
This is a great account of what has happened: [www.reddit.com]

Wow. "...an IT director was comprised apparently he had no background in IT and was actually a marketing exec..."





In tha 360. MRF User Map
Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: DP
Date: December 23, 2014 08:12PM
All it takes is for one idiot to click on an attachment.
Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: steve...
Date: December 23, 2014 08:17PM
I heard one theory that suggested there may have been someone inside Sony who enabled the hack.





Northern California Coast
Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: space-time
Date: December 23, 2014 08:55PM
We are also told that three security certificates used a password of "password".

wow, just wow. if you know how to generate a security certificate, you should know to use a strong password.
Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: Onamuji
Date: December 23, 2014 09:20PM
Quote
space-time
We are also told that three security certificates used a password of "password".

wow, just wow. if you know how to generate a security certificate, you should know to use a strong password.

If they're self-signed, the process may have been automated and the password pre-filled by the OEM.



Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: space-time
Date: December 23, 2014 09:36PM
Quote
Onamuji
Quote
space-time
We are also told that three security certificates used a password of "password".

wow, just wow. if you know how to generate a security certificate, you should know to use a strong password.

If they're self-signed, the process may have been automated and the password pre-filled by the OEM.

and they don't have random number generators?
Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: Onamuji
Date: December 23, 2014 10:02PM
Quote
space-time
Quote
Onamuji
Quote
space-time
We are also told that three security certificates used a password of "password".

wow, just wow. if you know how to generate a security certificate, you should know to use a strong password.

If they're self-signed, the process may have been automated and the password pre-filled by the OEM.

and they don't have random number generators?

Dunno. I don't deal with certificates outside of the Mac ecosystem all that often.

When you generate a self-signed cert on a Mac server, you don't get prompted to provide a password at all.

The server app randomly generates a password that gets stored in the system keychain. Because of this, I never have to deal with assigning a password to a certificate anymore. Last time I did it... I dunno... Maybe under Leopard Server when it took work to create a certificate.

I'm certain that most Mac admins don't even know that it exists in the keychain.

...Some devices -- Routers and hardware RAIDs are examples -- come with their own self-signed or OEM certs from the factory and I have no idea what passwords they use. Potentially, every last one of them is "password" and I'd never know. You don't need the password for most activities, either because it's supplied at the appropriate time by the firmware/software when the device starts up or because it's pulled from a password-store (like the Mac keychain) as needed.



Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: cbelt3
Date: December 24, 2014 08:33AM
Like above, the short answer is that Sony did not give a damn about information security, and took no action despite failing external audits. Their 'security' was the equivalent of standing around naked saying "No pictures, please" !
Options:  Reply • Quote
Re: so how exactly do you hack a corporation?
Posted by: Filliam H. Muffman
Date: December 24, 2014 10:58AM
Quote
steve...
I heard one theory that suggested there may have been someone inside Sony who enabled the hack.

Quote
Muffman
"...an IT director was comprised apparently he had no background in IT and was actually a marketing exec..."



In tha 360. MRF User Map
Options:  Reply • Quote
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 84
Record Number of Users: 186 on February 20, 2020
Record Number of Guests: 5122 on October 03, 2020