Some people have way too much time!
Hacker's Mac pwning expedition: 'Help, I've got too many shells!'
When Dan Tentler hacked writer Kevin Roose's Mac, his chief problem wasn't trying to pop the shell; it was trying to rein in the hundreds of shells he spawned. Tentler had been tasked with breaching Roose's computer for a documentary showcasing penetration testers' ability to compromise users. Tentler, also known as "Viss", …
COMMENTS
-
Thursday 17th November 2016 19:25 GMT Ashley_Pomeroy
Alien Lego Terminator vs Predator: Lord of the Rings
You know what would be awesome? Terminator: Lord of The Rings, in which a descendant of Saruman uses futuristic technology to send a Terminator back from the future to kill Frodo et al before they can drop the One Ring into Mount Doom.
It would begin with the Terminator punching a dwarf's heart out. "Your mithril-mail - give it to me". Later on he would attack a tavern, with a crossbow in one hand and a sword in the other. In a bizarre twist it would be revealed at the end that the rings were actually forged from the debris of the exploded, melted Terminator chassis, or something.
I would pay to see that.
-
Thursday 17th November 2016 22:26 GMT Youngone
Re: No mention of the earth quakes
Thanks for the sympathy Dave Roberts.
I live in Auckland, so have avoided having my house fall on my head, but friends in Christchurch are heartily sick of the shaking, even if there was limited damage this time. (In CHCH at least).
The weather has been pretty ropey, it's true, but on the plus side, the first wee tomatoes have set and my Blueberries are beginning to come through too.
-
Thursday 17th November 2016 12:59 GMT Anonymous Coward
The root of his problems
From the reporter's documentary webpage: "I’ve received a lot of phishing emails over the years, and this was the slickest one I’d ever seen—so slick, in fact, that I clicked on it even though I had promised myself I would be extra-careful while the hackers were targeting me."
-
Thursday 17th November 2016 13:26 GMT Frank Bitterlich
Quick sum-up...
OK, let's see what we have here...
- Some social engineering
- One spearphishing email
- Lots and lots of "scary" demonstrations of what an attacker can do when they get root. ("OMG, they made my computer SPEAK TO ME!")
Anything new in this documentary? Hardly. Just the same well-known facts: If you can trick one person into handing over an account to an attacker, other accounts fall like dominoes. Duh. But the documentary (or rather, the article of the author/subject) fails to mention that there was hardly any classic "hacking" involved. If you can convince your mark to install malware on their machine, you can just as well try to convince them to hand over their laptop altogether. (You know, for "urgent repairs". Trust me, Apple sent me to pick it up.)
I'd rather like to know whether the people who fell to the social engineering calls were violating the rules, or if the protection/authentication rules of those companies are still not up to date.
One final thing: Both SSNs and credit card numbers are hard to keep secret. But yet they are still used as tokens of authentication, mainly in the US. As long as the majority of the people are content with keeping it this way, nothing will change (except the scope of breaches, which will continue to increase).
-
Thursday 17th November 2016 19:10 GMT Anonymous Coward
We can stop security hacking! It's very EASY to do!
Move to hardware IDIOTS!
http://www.atmel.com/tools/cryptoauthentication_ateccx08a_development_library.aspx?tab=related
SECURITY has been solved no one wants it!
Very funny state to be in, bitching you're hacked and not using SECURITY in hardware.
You're all fools for using software SECURITY.
-
Thursday 17th November 2016 22:26 GMT Anonymous Coward
Dan Tentler demonstrates social engineering hack
Calling it 'Dan Tentler hacked writer Kevin Roose's Mac' is being a bit economical with the truth. The alleged Mac hack consisted of an email phishing msg that tricked him into going to a bogus squarespace site and then installing some malware. A more interesting fact to take away from Defcon would be, what is the breakdown in revenue lost to online fraud by Operating System Platform.