equilibrium
— issue #10 {February 2015} —

.editorial

Hello, and welcome to the tenth issue of Equilibrium. :)

Although many years have passed since then, I'm pretty sure it was 2003 when I read Kevin Mitnick's book The Art of Deception. In it, he describes several real and hypothetical "hacking" cases, illustrating that humans are the weakest link in any secure system, thus a very good target for such attacks. The whole concept is called social engineering.

During that period, I was an undergraduate student. One afternoon, while we were hanging out at my apartment with some friends, we started talking about Mitnick's book, which I was reading in those days, so I explained the concept of social engineering to them.

The conversation was interrupted by another friend of ours, who came into the apartment frustrated. He was coming from his travel agent (located just a few minutes from my home), where he had gone to get his plane ticket. When he arrived there, he discovered that the agent's internet connection was down, so they couldn't retrieve the ticket information and print it, and he had to wait until that was fixed.

By the way, although DSL connections existed, the most common internet connections at that time in Greece were PSTN (remember their sound?) & ISDN. The travel agent had an ISDN connection. How did we know that?

They told my friend something along the lines of "we are waiting for the ISDN guy of company X to come back; he was here about an hour ago and said he had to go and check something at the exchange".

I'm sure that a lot of you would have the exact same idea! :)

I quickly fired up my own ISDN connection, found the agent's details and gave them a call.

Me: Hi, I'm calling from company X; you're still having issues with your ISDN connection, right?

Agent: Yes, that's correct.

M: As I can see in my records, we had an engineer over at your place earlier today who informed us that there is a problem with Y (something that would be difficult to follow without a technical background).

(after a couple of minutes)

M: The problem should now be fixed; please, try to connect.

A: I still get the same error.

M: Then, we need to test with your credentials, since on our end everything seems fine. Can you please give me your username and password to try them out and also make sure you are using the correct combination?

A: Sure (...)

After thanking him and telling him that I would run some tests and call him straight back, I tried his credentials using my ISDN modem. They worked. A few minutes later, I called him back and explained that I was actually a student doing some research on security, found a good excuse for how I knew he had a problem with his internet connection, told him that I was sorry for wasting a few minutes of his day and advised him not to give sensitive information over the phone, to change his username & password, etc.

Of course, I immediately threw away the credentials (I did the whole thing just to see whether it actually worked) and never used them again - I never even tried them again just to test if he had actually changed them. But that taught all of us a very important lesson: always keep in mind that no matter how secure a computing system is, there is always a human available to screw it up!

The book might be old, and Mitnick's hacking days might be older, but such attacks still exist. The latest example that comes to mind is an attack against eBay, where the attackers stole "a database containing encrypted passwords and other non-financial data" (still a lot of personal data, though).

How was the attack performed? "Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network".

They never had to hack eBay itself; they just had to hack some of its employees!

As always, enjoy the issue!
Stathis

.blogs (interesting reads from around the web)

Why Is The Dollar Sign A Letter S? — observationdeck.io9.com, 2015

"There's a good story behind it, but here's a big hint: the dollar sign isn't a dollar sign. It's a peso sign."

Filthy — the-pastry-box-project.net, 2015

Having spent several hours during this month doing a lot of digital cleaning, this article feels so relevant!

The Weirdness Of 50s Bomb Shelters — allday.com, 2014

I don't know about you, but I always find post-apocalyptic topics quite interesting.

Startup Ideas We'd Like to Fund — ycombinator.com, 2008

An old Y Combinator article, full of startup ideas, some dated, some not. Unavoidably, while you're reading it you'll compare these ideas with startups which have appeared since the article was published.

My Velveteen Rabbit — remysharp.com, 2014

:'-|

.images (worth a thousand words)

The Solution to Oversleeping — bonkersworld.net, 2012

Indeed!

.podcasts (sometimes it's better to listen)

Bootstrapped Web — bootstrappedweb.com

As its title suggests, Bootstrapped Web is a podcast focusing on (existing or aspiring) founders of bootstrapped online businesses, covering most of the topics you would expect from such a podcast.

.videos (for education or entertainment)

The IT Crowd — wikipedia.org

The IT Crowd is a British sitcom about three main characters: two IT guys and their manager, who has absolutely no idea about the subject. Even if you find British humour... strange, give it a go (it's quite short anyway; four seasons of six episodes each). My personal favourite is episode four of the third season, where the "Elders of the Internet" allow Jen (the manager) to bring "the internet" to the company's shareholders.

"Have you tried turning it off and on again?"

.books (physical or electronic)

The Art of Deception — wikipedia.org

Since the whole editorial story revolved around this book, it would be unfair not to pick it. In case you skipped the editorial, The Art of Deception was published in 2002 and was written by Kevin Mitnick, famous for his hacking days, and now a security consultant.

In it, he describes several real and hypothetical "hacking" cases, illustrating that humans are the weakest link in any secure system, thus a very good target for such social engineering attacks. Keep in mind that I read the book many years ago, so I don't really remember many details, apart from the fact that it should probably be shorter. Still an interesting read.

.games (everybody needs some play time)

Fallout 3 & Fallout: New Vegas — wikipedia.org

I'll assume that you are already familiar with the Fallout series; therefore I won't bother you with many details. If you are not, it's an open-world post-apocalyptic first-person RPG; for more info, have a look at the Wikipedia entries.

I was never a big fan of first-person games. I'm able to play them and I have played a lot, but I always preferred a third-person perspective. Therefore, although I'm always fascinated by post-apocalyptic themes and had a look at its mechanics when I watched a good friend playing this game for a few hours, I stayed away from Fallout 3 for several years.

It was just a couple of years ago that I decided to give it a go. In just a few months, I completed both Fallout 3 and New Vegas, as well as all of their DLCs. My suggestion? Even if you remotely like post-apocalyptic concepts, RPGs, and first-person games, give it a go!

Since both games are quite old now, you can find their full editions ("game of the year" for 3 and "ultimate" for New Vegas), which include all DLCs, at a very low price. I think I bought both of them for a total of under £15.

If you decide to play them, this wiki will become your best companion for the game.

.non-profits (for a good cause)

Barnardo's — barnardos.org.uk

Barnardo's believes in children regardless of their circumstances, gender, race, disability or behaviour. The charity's purpose is to transform the lives of the UK’s most vulnerable children.

.bye

Thanks for reading Equilibrium!

If you've enjoyed reading it, consider spreading the word to your friends (the link is for a customisable tweet).

If you want to contact me, you can reply directly to this email.

P.S. If someone forwarded you this newsletter and you want to subscribe, click here.