Friday, April 24, 2009

Hacking with iPwn

I'm kicking myself for missing the Hacking Exposed session with Stuart McClure and George Kurtz at RSA. These guys were able to pwn a Windows Primary Domain Controller from an iPhone. Wow! That's some pretty amazing stuff.

For those interested in getting in the weeds with computer security, I highly recommend you read Stuart and George's book Hacking Exposed. It's considered by many to be the bible for penetration testing.


Johanna B. said...

The New York Times' recent article about the increased use of whole body scanning technology at airports brings up some interesting questions about the storing of information. These machines, which see through clothing, revealing an image of an individual's entire body, spark a lot of questions concerning privacy. Not only do some see the idea of an unknown individual in another room seeing an image of their naked body to be an invasion of privacy, there is also the potential threat of what will happen to the images and whether or not they will be stored (and if so, for what purposes). While there are no current plans to store such images, many are still uncomfortable with the idea that they could be stored and misused. And as one individual pointed out, "If Angelina Jolie goes through one of those, do you really think someone's not going to keep that and sell it to the highest bidder?"

Alex P. said...

This is in response to the "Carpet Bombing in Cyberspace" reading.
While Col. Williamson addresses some of the skepticism of having a military botnet, he does not address the security of such a botnet. What would stop other states or nonstate actors from hijacking this botnet and using it against America? If hackers can infiltrate our power generators and infrastructure, what would keep them from hacking into this botnet? While the US would not want to use the botnet to harm someone physically with a DDOS attack in a location like a hospital, many of America's enemies would have no problem doing this if they are able to gain control of such a massive botnet. Col. Williamson needs to address concerns about this botnet's security before taking his plan any further. Much as we would not want one of our missiles to be hijacked and used against us, we would not want our botnet used against us.