User Journal

Journal: VA Tech and Simon's Rock Shootings

This entry is a compilation of some of my thoughts on the recent VA Tech shootings and the 1992 shooting at my college, Simon's Rock. Like many people, my thoughts are with the victims and survivors, but also on the past.

Security

Submission: Social Engineer Proves Major Insecurity At Banks

ApocalypseXP writes: "Story from: http://www.protokulture.net/?p=79

the life of a social engineer
April 15th, 2007 by applekid

I enter the first branch at approximately 9:00AM. Dressed in Dickies coveralls, a baseball cap, work boots and sunglasses I approach the young lady at the front desk.

"Hello," I say. "Jarred White with XYZ Pest Control, here to perform your pest inspection." I flash her the smile followed by the credentials. She looks at me for a moment, goes "Uhm... okay... let me check with the branch manager..." and picks up the phone. I stand around twiddling my thumbs and wait while the manager is contacted and confirmation is made. If all goes according to plan, the fake emails I sent out last week notifying branch managers of our inspection will allow me access.

It does.

The manager greets me and brings me into the secured area behind the teller line. She never asks for identification. She says she received an email from the bank's facilities supervisor saying that we would be by on Monday. I force myself not to laugh, and nod understandingly. I explain the procedure. "Awww no ma'am," I say in a deeply Southern voice, "We don't do sprayin' on this visit. We're just here to see if there's a problem to begin with. Y'know, check for signs of rodents and crap like that." She nods, relieved that I won't be spraying pesticides. The bag that I carry is, for the most part, empty. It contains a flashlight, a paper mask, a pair of work gloves, a tiny wireless access point disguised as a pager, two key loggers and lots of space to store stuff. My clipboard is also full of goodies. I sling the bag off my shoulder and get to work, as the lady wanders off. As she begins to leave, she says "Well, I guess you know what you need to do. I'll be in my office. Let me know if you need anything." I don't look up from my "work" as I thank her.

As soon as she disappears I move into the next room. The room is a work room where documents are stored, the printers are kept and various other supplies are stored. I look around the area for anything of interest. A stack of checks for deposit catches my eye, so I grab them and shove them into my clipboard. Each check has a name and account number on it. Nothing else here, but I hear a familiar humming; warm and pleasing to the ears. I walk back to the manager's office, and ask her if she could please grant me entry into "this back room, whatever's in there." She explains that this room houses their computer equipment. I nod and say that rodents are known to bed up in warm areas, and in my experience, computer rooms generate heat. I see the gears turning inside her head, and once she decides that this answer makes perfect sense, she unlocks the door. She asks only that I notify her when I am finished so that she may lock it again. I nod and tell her I would be happy to.

I enter the computer room and immediately begin to see networking equipment. A few tower servers rest on the floor beneath the rack. I could plug any number of items into the switch at this point. If they use DHCP, my rogue access point, which has been preconfigured, will provide me access to the internal network from the parking lot. My key loggers come in two flavors: USB and PS2. I decide to save the goodies for another locale. I take stickers with my company logo and place them on the networking equipment to prove that I have been there. I rummage around the area looking for confidential items. I find a company phone directory and take it. This might come in useful later, I think to myself. Near one of the terminals, I see a pink sticky note. "Bingo," I say aloud. Written on the sticky note are login credentials to the core processor. This information should allow me to query the bank's core processing software for account numbers, names and social security numbers, once I have determined its IP address. I note the credentials in my clipboard.

I fetch the manager and she locks the door. I thank her, and ask if I may inspect some of the offices out in the lobby. I let her know that I don't want to interfere, so I point to an empty office and ask if I may inspect that one. "Oh yes, that's Tom's office. He's one of our loan officers, but he's at another branch today. Sure, go right ahead." I'm already walking toward the open office before she finishes. Satisfied that I'm completing my work, she turns around and goes back to her office. Once inside Tom's office, I get down on my hands and knees and retrieve my flashlight. I pretend to inspect the area around his desk. The walls are made of glass, and everyone can see in. I try to keep an eye out for what's going on, who is watching me, and who might be coming my way, but it's difficult to tell. I decide that I had better make quick work of this place and get out.

I pull a CD from my clipboard and place it in Tom's computer. This CD contains a virus which contacts our company's Network Operations Center and provides us with information about the workstation. It's intended as a proof of concept, and nothing more. The software doesn't hurt the victim's computer. I also rummage through his filing cabinets, which are not locked, and recover a folder full of loan applications. Loan applications are great. They contain social security numbers, names, and sometimes a photocopy of the driver's license. These are no exception.

I get to my feet and return to the manager's office. I smile as I let her know I'm finished, and they have a clean bill of health. "Welp, we didn't find anything ma'am," I tell her, "Now if you'd just sign this here invoice for me just to prove to my dispatcher that I was here, I'd be much obliged." Yes, sometimes I do lay it on quite thick. She signs the fake invoices we had printed up at a local printing company. I date it and sign my initials as well. I thank her for her time and cooperation and leave the building.

I enter my vehicle and realize that I'm sweating. It's Minnesota, so it's not exactly hot outside. I nervously drive to a parking lot across the street, thinking the entire time that somebody must be on to me. Somebody must have figured out my ruse. Somebody has called the police, noted my license plate, and they must be on their way. But they aren't. As I start to calm, I inspect the items I have collected.

* 27 account names and numbers
* 13 loan applications complete with socials, names, birthdays and driver's license
* 1 phone directory with (what appears to be) extensions for everyone in the bank
* 1 login to the AIX Core Processor

This should be enough to start some new eBay accounts. I seal the information in an evidence bag, date it, sign it and place it in a secure bag. I call home base and report that the first job is done, and that I'm moving to the main branch. I light a cigarette and turn up the music as I drive to the next target."

The Matrix

Submission: Why should I care about global warming?

An anonymous reader writes: Every day, I hear about global warming/climate change. But no one ever states why I should care. Can someone give me a compelling reason in a single sentence why I should care about global warming? Really, what is the big fuss about? Is it because you are concerned that the human race will die out? I do not find this concern compelling enough for me to stop driving a SUV, flying in a jumbo jet, using the A/C or keeping the heater on in the winter. Ultimately, our planet will die anyway when our sun dies. I just wish someone could give me a very simple reason why I should care personally about global warming.... a reason compelling enough for me to want to keep the A/C off and be less comfortable.

Security

Submission: "Hacking" a Fake Snow Day

Class Act Dynamo writes: "Two students in Trenton, Ohio face expulsion from their school and possibly some time in juvie for posting a fake snow-related announcement on the school district website. According to the article, there was no hacking involved. The girls somehow must have gotten the password. It will be interesting to find out how that happened. We'll probably find out next week that it was on a post-it note on the principal's desk."

Education

Submission: Sex-ed the Tex-ed way

zoltamatron writes: The SF Chronicle is running a story about the Bush administration's abstinence-only sex-ed program and how there is no evidence to show that it works any better than the comprehensive education it replaces. Still, California is one of only three states that does not participate in the program that pushes the Texas-born curriculum. From the article:

"California took a very progressive approach," [Douglas Kirby] said. "Texas pushed abstinence and made it a little more difficult for teens to receive contraceptives. Pregnancy did go down between 1991 and 2004, but Texas had the second-lowest decline of all states, 19 percent. California had the second-greatest decrease, 46 percent."
The article says there is more than $1 billion in federal money going to these programs.

Programming

Submission: Teaching children to write software?

Desmond Elliott writes: "I recently worked on a piece of software for an undergraduate course which involved me writing a Sudoku game using the GWT. My youngest sister (9 years old) was fascinated to know how I had done it and seems quite keen to want to know more. I know that some people say that children are fickle at that age but I'm keen to let her have the resources that she needs to learn more about programming if she wants to. Does anybody know about any good resources for children to learn more about Java?"

Data Storage

Submission: Carbon Nanotubes For Non-Volatile Computer Memory

An anonymous reader writes: Researchers at the University of California have developed telescoping carbon nanotube memory which is non-volatile and may offer the possibility of atomic-scale computer data storage that would replace both RAM, FLASH RAM, and hard drive storage in the next few cycles. The URL is http://www.physorg.com/news89986583.html.

Graphics

Submission: NVIDIA Vista Driver Class Action Lawsuit Readied

igibo writes: The NVIDIA support forums are chock full of angry early adopters clamoring for functional Vista drivers to use with their multi-hundred (thousand!) dollar GPUs. Presently, there is a group of outspoken, outraged customers seeking compensation via a class action lawsuit. Me? I just want to be able to rotate my secondary display!

Robotics

Submission: New Air Force drones have payload of F-16s

An anonymous reader writes: Call them UAVs, drones, remote-controlled aircraft, or robotic air vehicles - it's clear that this new generation of weaponry increasingly is playing a key role in the U.S. arsenal. And what we've seen so far is nothing compared with what's in the pipeline. In early production today is a kind of Predator on steroids - the MQ-9 Reaper. Six times heavier than the current Predator, the Reaper is capable of holding a payload of missiles and bombs equal to that of an F-16 fighter - and can linger in the same area for as long as 24 hours. See story for photos: www.usnews.com/badguys

Operating Systems

Submission: Version control for config files, scripts etc....

TokyoCrusaders92 writes: Like a lot of other organizations (800 staff, 5000 students) we have a mix of Windows, Novell & Linux...primarily Linux...for our IT infrastructure. We now have a multitude of config files, firewall rule bases, shell scripts etc which are managed by multiple people / groups. Recently we started using RCS for version control of the firewall rulebase but this doesn't seem like it would scale up to larger groups of users. What are other people using to manage their config files....nice features would include version control, logging, multiple users, secure authentication, integrity checking...?

Spam

Submission: Cingular fined for using Adware

amigoro writes: "Priceline, Travelocity, and Cingular have been fined for using adware by the New York Attorney General.

Today’s agreements require that each advertiser deliver online ads only through companies that:
  • Provide to consumers full disclosure of the name of the applicable adware program and any bundled software;
  • Brand each advertisement with a prominent and easily identifiable brand name or icon;
  • Fully describe the adware and obtain consumer consent to both download and run the adware;
  • Make it practicable for consumers to remove the adware from their computers;
  • Obtain consent to continue serving ads to legacy users;
  • Require their affiliates to meet all of these same requirements.

The agreements also require Priceline, Travelocity, and Cingular to engage in due diligence with respect to selecting and utilizing adware providers. Prior to contracting with a company to deliver their ads, and quarterly thereafter, the companies must investigate how their online ads are delivered. The companies must immediately cease using adware programs that violate the settlement agreements or their own adware policies.

Under the terms of the agreements, Priceline, Travelocity, and Cingular will pay $35,000, $30,000, and $35,000, respectively, to the State of New York as penalties and investigatory costs."
