April 22, 2015 at 10:20 am
jay-h (4/22/2015)
Eric M Russell (4/22/2015)
...However, the actual error message is a shill. If the perp tabs over to Google and searches on "Error: 8514294078", now their IP address (and maybe even recent browser history) is on file at Google. ...
A hacker running an unmasked IP is probably too stupid to be much of a threat.
I imagine an open port is hit by 100 stupid hackers, before it's hit by a smart one, but at least the organization knows it's being targeted. For the hacker with a masked IP, Google can still keep track their browsing history, as they navigate from one search result to another, which can provide clues about their background and what they're up to. The folks in Google's marketing department put a lot of thought and investment into making that happen, and it can be leveraged for other things besides pop-up adds for home re-financing.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
April 22, 2015 at 10:44 am
Really, Google itself is just a massive honeypot used by marketing dicks to brand us and retail our browsing habits.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
April 22, 2015 at 11:23 am
SumOfDavid (4/21/2015)
So let me get this right. You're suggesting Password123 be my duress password instead of password123? Yah, I think that might work! 😀I think there are 101 simpler and safer ways to get access to a corporate database or system than kidnapping an overworked and tired sysadmin.
There was a case where somebody was leaving USB sticks with malware on the ground outside the corporate front doors. Guess what, dozens of employees picked them up and plugged them into their computers. No need to kidnap anybody.
Heh.... emphasis on "safer" and "duress"... not for me but for the poor slob that ever tries something like this. I'm not only a DBA, former serviceman, former karate instructor, and really ticked off end user, I'm also old. You should never threaten or try to fight with someone old because, since we're either too tired to fight or just don't want to spend the time doing what we've done all our lives, we'll just drop someone where they stand. 😛
--Jeff Moden
Change is inevitable... Change for the better is not.
April 22, 2015 at 11:24 am
In the Charlie Hebdo attack, the terrorists forced an employee at gunpoint to swipe her card to get into the building. So a duress password on top of the physical card could have saved lives. There is the old adage that the terrorist only has to be right one out of a thousand times. When there is a lot of money at stake, it makes a physical attack worthwhile. The Target breach involved insider information. While the average hacker type isn't likely to be prone to violence, terrorists, drug dealers, organized crime, etc. have no such qualms.
April 22, 2015 at 11:51 am
lptech (4/22/2015)
In the Charlie Hebdo attack, the terrorists forced an employee at gunpoint to swipe her card to get into the building. So a duress password on top of the physical card could have saved lives. There is the old adage that the terrorist only has to be right one out of a thousand times. When there is a lot of money at stake, it makes a physical attack worthwhile. The Target breach involved insider information. While the average hacker type isn't likely to be prone to violence, terrorists, drug dealers, organized crime, etc. have no such qualms.
In the case of a Charlie Hebdo style terrorist attack, what should happen when the employee enters the duress password; perhaps the door remains locked and the alarm system silently auto dials 911 for police?
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
April 22, 2015 at 1:39 pm
Simply not allowing access would put the person using the duress password at risk of serious injury or death. The duress code would have to lock down the building, but allow the perpetrators go somewhere. Such as have to elevator go to a floor specific floor, but have the display read the requested floor.
But this has to be backed up with security staff that is up to the situation. Your average security guard in the US may have less training than a licensed cosmetologist. It's a tough call for anything but large corporations. Do you have enough assets worth stealing that someone would stage an armed attack? A doctors office may 'only' have a couple of thousand of social security numbers, but that could be enough incentive for someone who thinks they could pull it off.
April 22, 2015 at 2:00 pm
lptech (4/22/2015)
Simply not allowing access would put the person using the duress password at risk of serious injury or death. The duress code would have to lock down the building, but allow the perpetrators go somewhere. Such as have to elevator go to a floor specific floor, but have the display read the requested floor.But this has to be backed up with security staff that is up to the situation. Your average security guard in the US may have less training than a licensed cosmetologist. It's a tough call for anything but large corporations. Do you have enough assets worth stealing that someone would stage an armed attack? A doctors office may 'only' have a couple of thousand of social security numbers, but that could be enough incentive for someone who thinks they could pull it off.
Here in the US, many coporate and government office buildings actually do have a honeypot floor. It's floor #13. You won't see it listed on the building directory, and there isn't an access button listed on the elevator's control panel. However, the building management can divert terrorists to floor #13, where they soon get lost in a cleverly engineered maze of cubicles and booby traps. 😉
Just google: "Why don't elevators have floor 13 ?"
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
April 22, 2015 at 5:11 pm
SumOfDavid (4/21/2015)
There was a case where somebody was leaving USB sticks with malware on the ground outside the corporate front doors. Guess what, dozens of employees picked them up and plugged them into their computers. No need to kidnap anybody.
One reason many organizations implement group policies that disable USB mass storage.
April 22, 2015 at 6:56 pm
Eric:
In Japan would that be floor 4, and for the same reason?
Jeff:
Are you older than me? I guess that it could happen.
Also don't mess with disabled folks. We have already lost body parts to something way tougher than you. With your background as an instructor look up defense and attacks using a folded white cane.
ATBCharles Kincaid
April 23, 2015 at 7:21 am
Charles Kincaid (4/22/2015)
Eric:In Japan would that be floor 4, and for the same reason?
Jeff:
Are you older than me? I guess that it could happen.
Also don't mess with disabled folks. We have already lost body parts to something way tougher than you. With your background as an instructor look up defense and attacks using a folded white cane.
It can't all be explained by friggatriskaidekaphobia.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
April 23, 2015 at 9:01 am
Eric M Russell (4/21/2015)
So did we learn anything today, or was this mostly an offbeat topic?What do you guys think about the honeypot database server to attract hackers or for duress login re-directs?
That's a good question! It's been interesting to watch the discussion. Been prepared sometimes looks like paranoia - and sometimes is! If this happens one time, would it change your mind on the value?
April 23, 2015 at 4:20 pm
Charles Kincaid (4/22/2015)
Eric:In Japan would that be floor 4, and for the same reason?
Jeff:
Are you older than me? I guess that it could happen.
Also don't mess with disabled folks. We have already lost body parts to something way tougher than you. With your background as an instructor look up defense and attacks using a folded white cane.
Dunno, Charles. I'll be 63 years young this fall.
--Jeff Moden
Change is inevitable... Change for the better is not.
April 24, 2015 at 12:51 pm
Once again Jeff is right. Got me by 2. 😀
ATBCharles Kincaid
April 27, 2015 at 9:49 am
Eric M Russell (4/22/2015)
...It's floor #13...
Which is quite ridiculous as an English Gentleman knows that the 13th floor is the 14th floor as there must be a ground floor. Of course, I exclude basements as those are for the staff. What, what.
😛
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 27, 2015 at 11:27 am
Gary Varga (4/27/2015)
Eric M Russell (4/22/2015)
...It's floor #13...Which is quite ridiculous as an English Gentleman knows that the 13th floor is the 14th floor as there must be a ground floor. Of course, I exclude basements as those are for the staff. What, what.
😛
I spent 9 years in the basement at the police department. It was quite nice, but you never knew what the weather would be like when you left for the day. Two years in the basement at my previous gig, and my health crashed. So I view basements as a mixed thing.
My worst office was in the equipment closet: all of the phone switching equipment, all of the servers and routers, etc. I had to wear a jacket (in Phoenix) and noise-cancelling headphones in order to get anything done.
-----
[font="Arial"]Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson[/font]
Viewing 15 posts - 31 through 45 (of 58 total)
You must be logged in to reply to this topic. Login to reply