The Art of Intrusion

2008-03-17


I bought Kevin Mitnick’s book largely out of nostalgia for elementary school days involving 2600 Magazine and a phone system that still used in-band signaling. While it does demonstrate that computer hacking skills don’t translate brilliantly into writing ability, it is a quick and interesting read for security-inclined nerds.

The lesson for the general public is that decent security is very hard to achieve; there are just too many avenues of attack. When dealing with something as complex as a corporate or government network, there will virtually always be some obscure forgotten modem, some employee who can be tricked, some wireless signal that can be intercepted. Faced by opponents with sufficient time, resources, and risk aversion, pretty much any network is likely to fail.

Of course, that doesn’t mean we should throw up our hands and ignore security. It remains possible to stop many breaches, to notice the ones that happen, to limit the damage they do, and to improve our chances of catching those who pulled them off. For those whose business it is to do such things, the Mitnick book may provoke a bit of new thinking. For interested amateurs, it provides a decent glimpse into the real character of computer hacking: an activity apparently more akin to patient, precise occupations like archeology than to fast-paced daredevil stunts like those in Hackers or The Matrix. Overall, Bruce Schneier is more interesting and a better writer, but Mitnick has a lot more focus on (and perhaps more access to) the blackhat community.


Anon March 17, 2008 at 4:48 pm

Long and interesting article on Afghanistan:

Battle Company Is Out There

. October 16, 2009 at 10:45 am

Computer-Based System To Crack Down On Casino Card Counters

“Card counting is perfectly legal — all a counter does is attempt to keep track of whether the cards remaining in a deck are favorable to his winning a hand (mainly if there are lots of tens and aces remaining in the deck) — but it’s deeply frowned upon by Vegas casinos. Those caught counting cards are regularly expelled from casinos on the spot and are often permanently banned from returning. But given the slim house odds on Blackjack, it’s often said that a good card counter can actually tip the odds in his favor by carefully controlling the way he bets his hands. And Vegas really doesn’t care for that. The anti-card-counter system uses cameras to watch players and keep track of the actual ‘count’ of the cards, the same way a player would. It also measures how much each player is betting on each hand, and it syncs up the two data points to look for patterns in the action. If a player is betting big when the count is indeed favorable, and keeping his chips to himself when it’s not, he’s fingered by the computer… and, in the real world, he’d probably receive a visit from a burly dude in a bad suit, too. The system reportedly works even if the gambler intentionally attempts to mislead it with high bets at unfavorable times.” It’s not developed in Vegas, though, according to the brief description (the other projects are also interesting) from the University of Dundee’s release, but rather in conjunction with the Dundee Casino.

. January 7, 2011 at 1:46 pm

A man awaiting trial in Pennsylvania was arrested by Federal agents on Jan. 4, and accused of exploiting a software ‘glitch’ within slot machines in order to win payouts. The exploit may have allowed the man to obtain more than a million dollars from casinos in Pennsylvania and Nevada, and officials say they are investigating to see if he used the method elsewhere. The accused stated that ‘I’m being arrested federally for winning on a slot machine. Let everybody see the surveillance tapes. I pressed buttons on the machine on the casino. That’s all I did.’ Apparently, slot machine software errors are fairly common. The lesson here seems to be that casinos can deny you a slot machine win any time they wish by claiming software errors, and if you find an error that you can exploit, you may find yourself facing Federal charges for doing so.

a May 3, 2012 at 9:20 pm

2600 Meeting
Next Meeting: Friday, May 4th, 2012
Location: Free Times Cafe (site), 320 College St., Toronto, ON M5T 1S3
Time: Show up around 5 or 6 PM! Meets usually last until 9pm or so

Our meets are held on the first Friday of every month, and are open to all, and are held in a location with great food, drinks, and service. Join us for enlightening discussions on any number of subjects, or just to have a good time.
