lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: jan.muenther at (
Subject: RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]


I can't resist - have to make a few comments on this one, despite us moving
massively off topic. 

> > 1. How did they know which switch to connect to? Wouldn't this require
> > some knowledge of network topology.

Not necessarily. You'd be amazed by how many (even large) companies have a
totally flat network topology, normally due to "historical growth". 

> if it's a managed switch, most have SPAN (or RSPAN) port capability.  mirror
> other ports to the sniffer port as appropriate.

Erm, common misconception. You don't need to have a span port to sniff in a
switched network. And no, you don't have to force the switch into 'hub' mode
by flooding its CAM table. ARP cache poisoning works beautifully,
particularly when you have operating systems which let you overwrite ARP
entries without even the slightest warning (and no, not only Windows is
guilty of that). 

> > 3. How did they get access to the switch. Shouldn't it have been locked
> > away.
> .. never underestimate the power of stupidity. :-)
Indeed. Sometimes physical security of institutions where you'd expect it to
be good is abominable. Also, some basic social engineering can take you a
long way. 
> > 4. How did they convert electrons to money? Was this by raiding bank
> > accounts or collecting credit card numbers?

If you make it into the backend transaction systems, there's a heck of a lot
you can do. 

Cheers, J.

Powered by blists - more mailing lists