Re: [Full-Disclosure] RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]

From: Lan Guy (rlanguy_at_hotmail.com)
Date: 01/14/04

    To: <jan.muenther@nruns.com>, "Dave Paris" <dparis@w3works.com>
    Date: Wed, 14 Jan 2004 09:50:52 +0200
    
    

    Yesterday I had to go to an "Israeli Post Office". I decided to look around.
    This is what I saw:
    The comms cabinet in the manager's room was in clear view of all from the
    reception area and was open.

    There was a 16 port Hub or switch. (9 ports not used) I think it was unmanaged
    An ISDN TA Box
    A stand alone Tower server with internal backup.

    I also had to go to my HMO who have a similar setup, but:
    The comms cabinet is in the reception area, locked but with the keys in the
    lock and 3 steps away from the front door.
    A 24 port managed switch, but I suspect that the 11 unused ports were still
    active.

    A personal observation on Israel as a whole: Personal security is viewed as
    very important, but physical and personnel security is extremely lax.

    Last year there was a case of a bank employee who stole 250 Million Sheqels
    ($US60 Million) from her customer's accounts.

    Lan Guy

    ----- Original Message -----
    From: <jan.muenther@nruns.com>
    To: "Dave Paris" <dparis@w3works.com>
    Cc: <John.Airey@rnib.org.uk>; <ge@egotistical.reprehensible.net>;
    <bugtraq@securityfocus.com>; <full-disclosure@lists.netsys.com>
    Sent: Tuesday, January 13, 2004 8:53 PM
    Subject: Re: [Full-Disclosure] RE: [Fwd: [TH-research] OT: Israeli Post
    Office break-in]

    > Howdy,
    >
    > I can't resist - have to make a few comments on this one, despite us
    > moving massively off topic.
    >
    > > > 1. How did they know which switch to connect to? Wouldn't this require
    > > > some knowledge of network topology.
    >
    > Not necessarily. You'd be amazed by how many (even large) companies have a
    > totally flat network topology, normally due to "historical growth".
    >
    > > if it's a managed switch, most have SPAN (or RSPAN) port capability.
    > > mirror other ports to the sniffer port as appropriate.
    >
    > Erm, common misconception. You don't need to have a span port to sniff in
    > a switched network. And no, you don't have to force the switch into 'hub'
    > mode by flooding its CAM table. ARP cache poisoning works beautifully,
    > particularly when you have operating systems which let you overwrite ARP
    > entries without even the slightest warning (and no, not only Windows is
    > guilty of that).
    >
    > > > 3. How did they get access to the switch. Shouldn't it have been
    > > > locked away.
    > >
    > > .. never underestimate the power of stupidity. :-)
    > Indeed. Sometimes physical security of institutions where you'd expect it
    > to be good is abominable. Also, some basic social engineering can take you a
    > long way.
    > >
    > > > 4. How did they convert electrons to money? Was this by raiding bank
    > > > accounts or collecting credit card numbers?
    >
    > If you make it into the backend transaction systems, there's a heck of a
    > lot you can do.
    >
    > Cheers, J.
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
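
Added example, not part of the original thread or written by its participants: a defender-side check for the silent ARP cache overwrites mentioned in the quoted reply. It flags replies nobody requested, IP-to-MAC bindings that change, and one MAC claiming several IPs; the record format, addresses and the `analyze` function are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, not capture data: "time op sender_ip sender_mac target_ip"
SAMPLE = """\
09:50:01 request 10.0.0.23 00:0c:29:aa:bb:01 10.0.0.1
09:50:01 reply 10.0.0.1 00:1b:54:00:00:fe 10.0.0.23
09:50:40 reply 10.0.0.1 00:0c:29:de:ad:07 10.0.0.23
09:50:40 reply 10.0.0.23 00:0c:29:de:ad:07 10.0.0.1
09:51:10 request 10.0.0.42 00:0c:29:aa:bb:02 10.0.0.1
09:51:10 reply 10.0.0.1 00:1b:54:00:00:fe 10.0.0.42
"""

def analyze(text):
    """Return alerts as (time, kind, ip, mac) tuples for suspicious ARP traffic."""
    bindings = {}                # ip -> MAC that last claimed it
    claimed = defaultdict(set)   # mac -> every IP it has claimed
    pending = set()              # (asker_ip, asked_ip) requests awaiting a reply
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, op, ip, mac, target = line.split()
        mac = mac.lower()
        if op == "request":
            pending.add((ip, target))
        elif (target, ip) in pending:
            pending.discard((target, ip))
        else:
            # A reply nobody asked for is how a cache entry gets overwritten.
            alerts.append((ts, "unsolicited-reply", ip, mac))
        old = bindings.get(ip)
        if old is not None and old != mac:
            # Hosts accept this silently; the monitor must not.
            alerts.append((ts, "binding-changed", ip, mac))
        bindings[ip] = mac
        if ip not in claimed[mac]:
            claimed[mac].add(ip)
            if len(claimed[mac]) > 1:
                # Can be legitimate (proxy ARP, multi-homed hosts): triage it.
                alerts.append((ts, "multi-ip-mac", ip, mac))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(*alert)
```

A binding that flips back and forth between two MACs, as the constructed gateway address does here, is the pattern to escalate first.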

