Hacking outside the box
How do you protect yourself from the smooth-talking hacker whose only "tools" might be a floppy disk and a smile?
Hey there. This is Dave in Tech. We're trying to patch our servers to protect them from the latest worm attack and I'm gonna need to ask everyone to change their network passwords. Would you mind doing that for me now? And just to make sure it conforms to our new standards can you tell me what it is?"
OK, you wouldn't fall for a phone call like that, but would everyone else in your organisation be able to twig to the fact that there is a very good chance they were being hacked? Willing to bet the business on it?
The other week I had the pleasure of chairing a Security in Government conference in Canberra where I heard lots of horror stories. Of course there were discussions about the huge blackout in New York and surrounding areas. Though that's not being reported as being the result of an attack (though subsequent blackouts in London and Sydney make one wonder), the event did illustrate how easily a baddie might possibly wreak havoc with the right passwords instead of explosives.
[ Read more ]