Message-ID: <BAY7-DAV36iEWpa7UWd000302a3@hotmail.com>
From: rlanguy at hotmail.com (Lan Guy)
Subject: RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]
Yesterday I had to go to an "Israeli Post Office". I decided to look around.
This is what I saw:
The Comms cabinet in the manager's room was in clear view of all from the
reception area and was open.
There was a 16 port Hub or switch (9 ports not used). I think it was
unmanaged.
An ISDN TA Box
A stand alone Tower server with internal backup.
I also had to go to my HMO who have a similar setup, but:
The comms cabinet is in the reception area, locked but with the keys in the
lock and 3 steps away from the front door.
A 24 port managed switch, but I suspect that the 11 unused ports were still
active.
A personal observation on Israel as a whole: Personal security is viewed as
very important, but physical and personnel security is extremely lax.
Last year there was a case of a bank employee who stole 250 Million Sheqels
($US60 Million) from her customers' accounts.
Lan Guy
----- Original Message -----
From: <jan.muenther@...ns.com>
To: "Dave Paris" <dparis@...orks.com>
Cc: <John.Airey@...b.org.uk>; <ge@...tistical.reprehensible.net>;
<bugtraq@...urityfocus.com>; <full-disclosure@...ts.netsys.com>
Sent: Tuesday, January 13, 2004 8:53 PM
Subject: Re: [Full-Disclosure] RE: [Fwd: [TH-research] OT: Israeli Post
Office break-in]
> Howdy,
>
> I can't resist - have to make a few comments on this one, despite us
> moving massively off topic.
>
> > > 1. How did they know which switch to connect to? Wouldn't this require
> > > some knowledge of network topology.
>
> Not necessarily. You'd be amazed by how many (even large) companies have a
> totally flat network topology, normally due to "historical growth".
>
> > if it's a managed switch, most have SPAN (or RSPAN) port capability.
> > mirror other ports to the sniffer port as appropriate.
>
> Erm, common misconception. You don't need to have a span port to sniff in
> a switched network. And no, you don't have to force the switch into 'hub'
> mode by flooding its CAM table. ARP cache poisoning works beautifully,
> particularly when you have operating systems which let you overwrite ARP
> entries without even the slightest warning (and no, not only Windows is
> guilty of that).
>
> > > 3. How did they get access to the switch. Shouldn't it have been
> > > locked away.
> >
> > .. never underestimate the power of stupidity. :-)
> Indeed. Sometimes physical security of institutions where you'd expect it
> to be good is abominable. Also, some basic social engineering can take you
> a long way.
> >
> > > 4. How did they convert electrons to money? Was this by raiding bank
> > > accounts or collecting credit card numbers?
>
> If you make it into the backend transaction systems, there's a heck of a
> lot you can do.
>
> Cheers, J.
>
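
Added example (not part of the thread, and not code from any poster): a minimal arpwatch-style check for the silent ARP cache overwriting described in the quoted reply, run over a constructed capture. The function names, addresses and sample frames are assumptions made for illustration.

```python
import struct

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, mac(frame[22:28]), ip(frame[28:32]), ip(frame[38:42])

def watch(frames):
    """Alert on replies nobody asked for and on an IP moving to a different MAC."""
    bindings, asked, alerts = {}, set(), []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, smac, sip, tip = parsed
        if op == 1:                      # who-has tip
            asked.add(tip)
        elif op == 2:                    # sip is-at smac
            if sip in asked:
                asked.discard(sip)
            else:
                alerts.append((n, "unsolicited-reply", sip, smac))
        if sip == "0.0.0.0":             # ARP probe carries no binding
            continue
        old = bindings.get(sip)
        if old and old != smac:
            alerts.append((n, "binding-changed", sip, f"{old} -> {smac}"))
        bindings[sip] = smac
    return alerts

def build(op, smac, sip, tmac, tip):
    """Construct a sample frame as bytes (test data only, nothing is sent)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    a = lambda s: bytes(int(x) for x in s.split("."))
    dst = b"\xff" * 6 if op == 1 else m(tmac)
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return dst + m(smac) + b"\x08\x06" + hdr + m(smac) + a(sip) + m(tmac) + a(tip)

GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [  # constructed capture: request, genuine reply, then a conflicting reply
    build(1, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build(2, GW, "192.0.2.1", HOST, "192.0.2.10"),
    build(2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),
]
ALERTS = watch(SAMPLE)
```

A binding change also happens legitimately on failover or a NIC swap, so these alerts are a prompt to check the switch port, not proof of tampering.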