Sunday, March 02, 2008

No Tech Hacking covers a story on Johnny Long the "No-Tech Hacker".

Long shows us the no or low tech way hackers have worked for years by exploiting the simple things. Why use cross-site scripting, DNS poisoning or SQL injection when you can gain access through the back door. And no I don't mean through a software back door. I mean through the emergency exit.

"By law, employees have to be able to leave a building without showing credentials," Long says. "So the way out is often the easiest way in."

Hired to breach a secure building with proximity card readers, Long to the old-fashioned approach. Instead of looking for vulnerabilities or trying to hack the card readers at the building's entrances, he and another hacker shimmied a wet washcloth on a hanger through a thin gap in one of its exits. Flopping the washcloth around, they triggered a touch-sensitive metal plate that opened the door and gave them free roam of the building. "We defeated millions of dollars of security with a piece of wire and a washcloth," Long recalls, gleefully.

Long, who runs the site, has recently released the book No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing also works as a penetration tester for Computer Sciences Corporation. A company which employees and outsources "white-hat" hackers to probe weak points in a company's information security.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you