
BLU Discuss list archive



Frackin script kiddies!!



On Wed, Aug 4, 2010 at 3:51 PM, Derek Martin <invalid-yPs96gJSFQo51KKgMmcfiw at public.gmane.org> wrote:
> On Tue, Aug 03, 2010 at 12:15:33PM -0400, Jarod Wilson wrote:
>> Yes, a professional will steal your car no matter what. A dumb kid
>> looking for a joyride is slightly more apt to take the car that is
>> unlocked with the keys in the ignition than the one that is locked
>> with no keys in sight.
>
> It's amusing to me that you use this example. A friend of mine had
> his Mustang 5.0 LX stolen right out from under his nose.

Heh, that sucks.

> He had his
> windows up, doors locked, and the car had an alarm, which went off.
> After hearing a car alarm, he went to the window to see if it was his,
> and arrived just in time to watch the thieves driving his car away...
> mere seconds later. The cops caught up with the thieves (though were
> unable to apprehend them) and reported that they were kids out on a
> joyride. The car was later found abandoned, and quite damaged.

So a detail I left out of there was that I was thinking all the cars
were more or less the same, none was obviously better than the others,
which was the case w/your friend's Mustang. (The thinking being that a
hacker has no idea exactly what the computer they're trying to break
into actually looks like feature-wise, until they're in). So if all of
the cars are Mustangs, the kid takes the one that is unlocked w/the
keys in the ignition (i.e., David's computer. :).

>> It's not about feeling secure. It's about keeping out stupid idiots. SSL
>> + auth keeps stupid idiot vandals out. And to me, that's Good Enough
>> for a non-critical system like a mythtv box. The determined will
>> always find a way in if they really want to.
>
> It's probably enough. The script kiddies usually don't much care if
> they don't get you, because their script is going to get dozens or
> hundreds of others. They're not going to try very hard, because they
> don't need to. Having been one myself, I know that security
> types tend to get a bit overzealous about security of things that just
> don't need it. But I also know that non-security types are often
> appeased by things that are just not helping...

I'm obviously not a security guy, but I'm certainly
security-conscious, and aware of the risks, etc. And yes, imo, someone
is being a touch overzealous here. :) (And in their opinion, I'm sure
I'm probably an idiot when it comes to security. Everyone's entitled
to their opinion.)

-- 
Jarod Wilson
jarod-ajLrJawYSntWk0Htik3J/w at public.gmane.org







BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
