Awesome... Thanks for sharing this!

On Dec 28, 2007 12:23 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> ---------- Forwarded message ----------
> From: InfoSec News <[EMAIL PROTECTED]>
> Date: Dec 28, 2007 1:26 AM
> Subject: [ISN] IT security goes Prime Time
> To: [EMAIL PROTECTED]
>
>
> http://weblog.infoworld.com/zeroday/archives/2007/12/it_security_goe.html
>
> By Matt Hines
> InfoWorld.com
> December 27, 2007
>
> If the watermark for attaining hip-ness in American culture is landing
> on TV or in Hollywood, in addition to the endless video annals of the
> Web -- such as YouTube [1] -- then IT security, and penetration testing
> in particular, has finally made it.
>
> Yes, we've been seeing some pretty sophisticated hi-tech gadgetry in
> films since before the Sean Connery era of "James Bond," and some truly
> awful attempts to flesh out the perils that exist in the electronic
> environment, but now things have gotten so absolutely wild in the real
> world that security gamesmanship has gone reality TV.
>
> Last week, CourtTV began running a new series dubbed "Tiger Team" in
> which experts in IT and physical security engage in a pre-planned game
> of cat-and-mouse pitting them against high-priced protection systems put
> in place by actual businesses.
>
> The initial results aren't pretty. That is, for those companies who
> think that they've invested sufficient time and energy in trying to
> defend their physical and informational assets.
>
> In the show's initial episode, available for viewing here [2] in four
> clips offered via the official CourtTV site (with minimal advertising
> interspersed I might add), the Tiger Team experts take on San Diego's
> famed Symbolic Motors, a dealer of the ultimate forms of motor vehicular
> expression -- Lamborghinis, Lotuses and Bentleys, yum.
>
> Without ruining all the details for you, the team makes it perilously
> clear that they can and will defeat expensive IT security, video
> monitoring, motion detection and physical defenses with a little
> easily-pulled off reconnaissance (including a free test drive in a new
> Lotus Elise, nice bonus dudes!) and virtually no resistance.
>
> One of the most shocking aspects of the exercise is when after doing
> some rudimentary dumpster diving, the team uncovers details of the
> dealer's IT services provider (hi there LANSolutions! "We provide
> comprehensive, impenetrable safeguards for your business!" Hahaha!), and
> merely poses as one of its employees to gain access to Symbolic's server
> room and all the data therein.
>
> Having nearly fully compromised the organization's entire perimeter
> defenses beforehand, the team carries out its plan and breaks in during
> the night and has its way with another free test drive.
>
> And oh yeah, they also find a sales contract with all the personal
> information of an individual who appears to be well-known Hollywood car
> aficionado Nicholas Cage, and the records of a lot of other celebrity
> customers. So if they get tired of driving their free Lambo Murcielagos,
> Tiger Team can carry out some uber-targeted identity theft (if Cage has
> any money left from all those divorces, that is) whenever they feel like
> it (perhaps his next role should be "All my career earnings gone in 60
> seconds").
>
> Not detailed in the CourtTV show, but fed to Zero Day blog, is the
> information that the Tiger Team utilized automated penetration testing
> tools made by vendor Core Security as part of its arsenal for finding
> ways to crack the dealership's IT systems.
>
> Nice product placement, but the usage also points out, as recently
> described to me by Symantec security research guru Carey Nachenberg, how
> bad guys are using the same commercially-produced tools as used for
> protection by the white hats to find ways to get inside company
> perimeters.
>
> The high price of such products is clearly no longer an issue for people
> backed by a billion-dollar cyber-crime industry it would seem.
>
> I'm still waiting for someone to hire Steven Spielberg to make Richard
> Clarke's "Breakpoint" into a Hollywood blockbuster (and if done right I
> think it could be), but in the meantime we can let the Tiger Team's work
> speak to the real world relevance of IT security and the increasingly
> dire landscape of criminal activity being carried out by technologically
> advanced criminals.
>
> CourtTV is promising more Tiger Team episodes in the near future.
>
> Until then, keep it tuned here for further details.
>
> [1] http://www.youtube.com/watch?v=4Be-ZzcXVLw
> [2]
> http://www.courttv.com/onair/shows/red/red_player.html?id=870&link=REDshlk
>
> [On January 1 2008, Court TV becomes truTV - www.trutv.com ] - WK
>
>
> __________________________________________________________________
> Visit InfoSec News
> http://www.infosecnews.org/

--
ME2
