A Certified Waste of Time (CISSP)
SecurityFocus:
A Certified Waste of Time
In which your intrepid columnist hands over $450 to sit for the CISSP exam, only to conclude that it measures little of value.
By Jon Lasser
Archive for the ‘LINKS’ Category.
Pringles: the latest hacker tool
Pringles: the latest hacker tool. vnunet.com Mar 8 2002 12:40PM ET
But security firm I-sec recently demonstrated that using an empty Pringles tube as an antenna could boost the hacker’s chance of picking up a wireless signal by as much as 15 per cent.
Apparently the hollow tube shape combined with a tinfoil lining makes the empty crisps tin ideal for concentrating a signal.
[Moreover – Computer security news]
University of Rochester Technology-Transfer Revenue Surges to All-Time High
University of Rochester: University Technology-Transfer Revenue Surges to All-Time High
Companies around the world paid more than 10 times more for the commercial
rights to University research last year than they did just two years before,
and that achievement has already been surpassed this year, only eight months
into fiscal year 2002, with more than $40 million in revenue coming to the
University since July 2001.
W2Knews Postmortem: How Sunbelt Got Hacked
W2Knews Postmortem: How Sunbelt Got Hacked
It’s just one of these things. You talk about security for years, you warn people once a week, protect your domains with many layers, and then some hacker walks right into your own open back door. [grin] At the end of this cautionary tale I will tell you what to do to prevent it in your own organization.
Here is how this whole thing went down, it’s not as bad as it could be, and our domains were never compromised. But it is egg on our face! Someone hacked into our phone system. It’s called phreaking, and has been done for decades. Lucky for us he was just talking to people instead of using it to (try to) break into other systems.
How it started? Last Thursday one of our Reps found she could not use her voice mail box anymore. It was forwarded to some strange number. The Admin in charge frowned, reset it, and things worked again. Then last Friday, it happened again, and with not just one but with a few mailboxes. Now we really started looking!
What the hacker did not know is that we have an advanced phone system that really is just software. The whole system is a W2K server in a special frame with 20 expansion slots. Each slot holds a card for 8 extensions. The software is powerful and allows you to reconfig anything on the fly instead of having to call your PBX vendor all the time if you move a few staff to new spots. The brand is Altigen.
We started to look in the Altigen console, and found a few mailboxes that were forwarded to far away countries. When we started to trace these down, it turned out they were Pakistan, Saudi-Arabia, Kuwait and the Philippines. Anyone that has followed the news recently can draw their own preliminary conclusions. So did we.
Since we can see everything in real-time coming in and out of the system, it was clear that a hacker had compromised a few mailboxes and was using these to break into other companies’ systems as well and create a chain of compromised PBX-es. In some cases we were the end of that chain, so we knew the final destination. The hacker was fairly smart in trying to hide their trail by dialing in, dialing out, and then dialing in again and use another mailbox.
However, since we could see and change things in real time, we took him off the voice T1, and rerouted him to a copper trunk which we could tap. And sure enough a both American and Arabic speaking male voice was busy making calls, through several other companies systems that he already “owned”. So while he was happily tapping away, we recorded what he was doing and called the FBI.
They actually are in a building 5 minutes from here so shortly they were over and listening in. And since Altigen dumps all the data into a SQL database, we were able to give them both the voice recordings and a detailed track of all the calls, their origination and destination points and duration. They were happy we could provide them with all the data immediately burned on a CD so they could start their analysis, using Excel.
The FBI agents told us that phone system hacking is happening thousands of times every day! And we had to shamefacedly admit that the password used for the compromised mailbox turned out to be the same as the extension. OUCH! The hacker simply cracked these mailboxes using this very simple trick. DUH. And me scoffing at the New York Times for using the last four digits of someone’s social security number as their default passwords…[grumble]
Luckily for us, the hacker never got into our W2K domains, and never used it for actual computer cracking, but a simple trick like this can cause damage in many other ways. Especially if one deals with a bit more sophisticated criminal elements. So we compiled all the evidence necessary and turned it over to the FBI Computer Crime Special Agents.
We then shut the hacker down, and changed all mailbox passwords to something a bit more sophisticated. We also shut down all international calling ability for mailboxes that did not need it, which was about 95%, and made some other configuration changes in the Altigen console which I’ll not go into. And to the hacker, if you read this, you were caught. Expect a tap on your shoulder any minute now.
Lesson learned: USE STRONG PASSWORDS FOR THE PHONE SYSTEMS AS WELL. Monitor your phone system logs for unusual activity and out of normal range events or durations, just like you would your networks and set red flags. You could dump that stuff into a flat file and use a tool like ELM to ping you when things are out of the ordinary.
A recipe for radical change: BCP process improvement
Auerbach via TechRepublic:
A recipe for radical change: BCP process improvement
Klez E-mail Worm To Go Off Today
Klez E-mail Worm To Go Off Today. ZDNet Mar 6 2002 10:12AM ET [Moreover – Computer security news]
Idiot-friendly virus generator shut down
Idiot-friendly virus generator shut down. vnunet.com Mar 6 2002 9:18AM ET [Moreover – Tech latest]
