
View Diary: "Everyone is going to be hacked" (134 comments)


  •  LOL! Just sent you something... (23+ / 0-)

    ...with links to the Popular Science article on cell towers...then I saw this diary!

    Actually went to a Black Hat conference in 2006/2007 (kind of by accident, I was in Las Vegas attending another trade show and happened to be staying in the hotel where the Black Hat conference was being held). It was one of their first and most highly-publicized events. They hacked EVERY person's cellphone in the hotel and in the audience for the keynote address! (It was quite a sight...since they projected all the names of the individuals whose phones they hacked right on the main screen in the ballroom of the hotel, AT the keynote address, too!)

    Here's a link to another, perhaps an even more compelling, article that'll freak out everyone as far as hacking's concerned, too: Anyone want to know my Social Security Number? (I've written/published diaries here about Professor Acquisti's work at Carnegie-Mellon at least 3 or more times, starting a couple of years ago.)

    As I just noted a day or two ago in a comment here, for a few thousand bucks not just yours truly, but anyone with the wherewithal, resources and access, may obtain access to multiple sources that guarantee they can hack any Cisco firewall, ANYWHERE! (Think about that.)

    I've made--and continue to make--the statement: "Everything is hackable," in presentations to clients, potential clients and others for well over a decade.

    "I always thought if you worked hard enough and tried hard enough, things would work out. I was wrong." --Katharine Graham

    by bobswern on Wed Sep 03, 2014 at 11:06:39 AM PDT

    •  And most of us programmers have access to (12+ / 0-)

      all your data for that company - i.e., the insurance company I work for, I can get all your policy info, if it's the right type of policy.  When I worked at the hospital, I had access to all your inpatient data, labs, just about anything.

      Y'all are damned lucky that most of us programmer types don't really give a shit about what data you have, we just want the programs to do what the company wants them to do.

      •  Hmmm, that's actually pretty surprising (7+ / 0-)

        I'm a programmer for one of the big telephone companies that everyone hates, and I have access to jack squat in terms of customer data.

        That's not to say other IT guys don't have access - obviously someone has to be managing the servers all the customer data is stored on, and once you have physical access you have everything you need, but they do a pretty good job of making sure that people who don't need access to perform their daily job don't have it, so I have zero access to real customer data. I guess I would've thought other major companies did the same. Especially patient info, HIPAA and all that.

        "How come when it’s us, it’s an abortion, and when it’s a chicken, it’s an omelette?" - George Carlin

        by yg17 on Wed Sep 03, 2014 at 01:22:20 PM PDT

        [ Parent ]

        •  AT&T? Don't feel bad. (5+ / 0-)

          "and I have access to jack squat in terms of customer data."

          Neither does Tech Support. /rimshot   SCNR

        •  No, to me it's not. I used to work for MCI. (5+ / 0-)

          I had access to all the information/data on the NCBS system.  I even had the limited power to change data on certain items.  I gave back 2.5 million dollars to a big company because of a billing error.  I needed to see the contents of production files in order to be able to fix the S0C7 when I get called at 2 in the morning when the job dies.

          I can read the data, but I can't necessarily change the data in production files.  Different places have different procedures on how to fix production data if it goes bad during cycle and it's usually documented on what you're supposed to do.

          When I was at the hospital, I could look at all the patient info, but I couldn't see the hospital general ledger files.  I was programming on the inpatient nursing documentation system.  So, I needed to have access to relevant data.

          I'm not going to go in and change stuff, especially if it's a mainframe system.  There's an audit trail on each of the files and it's logged, as SOP in most shops.

          But, by and large, if you're programming on a system (workflow/cycle/whatever) you usually can at least see the production data.  I've been at a couple of places where I could change the production data without it having an audit trail.

          The stories we could tell on what happens in big company IT departments...... scare the crap out of them!!!  They'd never trust anything they saw again!!

          •  A favorite daydream of mine... (3+ / 0-)
            Recommended by:
            nchristine, Cassandra Waites, eyo

            ...involves going back in time and making sure Al Gore won the White House so that when MCI/WorldCom blew up the U.S. Government could swoop in and buy it up - and create a long-distance phone company that would provide cheap quality internet service.

            You know, like so many other civilized countries whose average internet speeds are an order of magnitude faster than ours?

            Visit http://theuptake.org/ for Minnesota news as it happens.

            by Phoenix Woman on Wed Sep 03, 2014 at 04:11:47 PM PDT

            [ Parent ]

    •  I remember a relevant Dilbert cartoon on this (12+ / 0-)

      Seems that Dilbert and his girlfriend are at a restaurant.

      Dilbert is telling her about how he'd never put his credit card information online - right as he's handing a credit card to their waitress.  

      In the last panel, the waitress hands him back his card, whilst wearing a brand new fur coat.

      Visit http://theuptake.org/ for Minnesota news as it happens.

      by Phoenix Woman on Wed Sep 03, 2014 at 12:22:33 PM PDT

      [ Parent ]

    •  ha haa, that's funny. (6+ / 0-)

      "Hack everyone's mobile."

      I don't have one.  Ditched it in 2001.

      I get all the surveillance I want from the three-letter agencies, for my tax dollars: why pay more?

      If I want audio that's about equal to a cellphone (WE 102, 1934) I have one of these: http://www.pinterest.com/...

      If I want better audio than a cellphone, this will do nicely (WE 302, 1937):
      http://www.pinterest.com/...

      If I'm stuck waiting in a line somewhere and need to keep amused, I have an imagination (it's free) and know how to daydream on demand (it's easy) or meditate (it's good for you).

      And if a client needs to reach me at obscene o'clock at night, they can dial a special code that goes to this (GPO 746, mid 70s), right next to my bed:
      https://www.flickr.com/...

      No cameras that can be turned on by software I can't see, and the microphone is controlled by a physical switch rather than more software I can't see.  

      GOTV as if your life depends on it, because somebody's life does.

      by G2geek on Wed Sep 03, 2014 at 12:34:35 PM PDT

      [ Parent ]
