Hi John,
> > > Which type of hacker represents the highest risk to your network?
> > >
> > > A. Disgruntled employee
> > > B. Black-hat hacker
> > > C. Grey-Hat hacker
> > > D. Script kiddies
>
> All 4 do define their ability. A kiddie with Black-hat skills is a
> Black hat. There is one correct answer.
OK, I'll bite. :-) I'd say A, since they often exist and they've easy
access to "private" systems.
Two cases I can think of off the top of my head. A sys. admin. employee
was cracking encrypted passwords, fair enough, helps highlight poor
passwords. I could tell he was since some machines were slow and he
didn't hide it, e.g. argv[0]. After he left, disgruntledly, he guessed
that some of those users may use the same, non-trivial but crackable,
passwords on rented machines on the Internet and from there got access
to a database he wanted to examine.
The other one is an intern at a company, bright enough, learning his way
around Unix, decided to create, e.g. /tmp/{ls,sl} for those with a PATH
that looks in the current working directory, just to gain that user's ID
for a bit of fun with his colleagues. Completely non-malicious, I'm
sure. The scripts were found, their existence went upwards and across
to personnel and he was escorted off site. Unfortunate since the
company was helping fund his way through university. (Yes, perhaps the
company could have handled it better, but people cover their backsides.)
I've only experienced any of the others once. Someone used a flaw in an
old Red Hat system that was still on the net. It should have been
updated and wasn't. That got him a root shell prompt, but I suspect he
was a script kiddie because he did little of note other than pull down a
rootkit and fail to cover his tracks. (I was watching his actions by
then since it broke the system in an odd way.) He removed .bash_history
and then logged out. He should have known .bash_history is written on
exit and done `kill -9 $$'. :-)
Cheers,
Ralph.
--
Next meeting: Crown Hotel, Blandford Forum, Tuesday 2010-11-02 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
How to Report Bugs Effectively: http://goo.gl/4Xue
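
The intern anecdote in the message above depends on a PATH that searches the current working directory. As an added example (not part of the original message), this shell function flags such PATH entries and, going one step beyond the case described, absolute entries that are world-writable directories. The name `audit_path` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that allow a file planted
# by another user (e.g. /tmp/ls) to be executed by mistake.

# audit_path PATHSTRING
# Prints one line per risky entry. Returns 0 if clean, 1 otherwise.
audit_path() {
    rest="${1}:"      # trailing ':' so the loop also sees a final empty entry
    bad=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"   # text before the first ':'
        rest="${rest#*:}"     # everything after that ':'
        case "$entry" in
            "")
                # A leading, trailing or doubled ':' means "current directory".
                echo "empty entry (searched as the current directory)"
                bad=1
                ;;
            /*)
                # Absolute entry: risky if any user can create files in it.
                if [ -d "$entry" ]; then
                    # -L follows symlinks such as /bin -> usr/bin.
                    perms=$(ls -ldL "$entry" | cut -c1-10)
                    case "$perms" in
                        ????????w?)
                            echo "world-writable directory: $entry"
                            bad=1
                            ;;
                    esac
                fi
                ;;
            *)
                # "." or any other relative entry depends on where you cd to.
                echo "relative entry: $entry"
                bad=1
                ;;
        esac
    done
    return "$bad"
}

# Check the PATH of the current session.
audit_path "$PATH" || echo "PATH has entries that need attention"
```

Running it from a login profile or a configuration check catches the setting before someone else's `/tmp/ls` does.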