Pages

Monday, 3 June 2019

Thirty Years of Compromised Information Security

This talk is just 🤦x 500!! 😂 If you want a flavour of how utterly apalling this design incompetence really is, just watch five minutes or so from 18 mins 42 sec. And think how this sort of attack could be carried out, via a drone hovering over the building, or by someone lending her boyfriend her iPhone for the day. And what would be the use of attacking the toner patterns on a piece of paper? Well, when you print off a forty page legal contract and hand it to someone to sign in front of a witness, do you check every single word, to make sure it's exactly what appeared on the electronic copy that you read on your screen before approving it? Then, at 20 mins 50 secs, see what an attacker can obtain from the printer without anybody ever having any idea that their network was hacked. The answer is "He can get a copy of anything you printed". And at 28 mins 30 secs, you can find the Microsoft Active Directory passwords. This allows you to compromise the user authentication system on the internal network. So you can add privileged administrator accounts, for example.


For ten years, between 1999 and 2009, I was a system administrator at the University of Cambridge Computer Laboratory. The security of the network was apallingly bad because the system administrators, as a group, were deeply insecure, for some reason. Cooperation between us seemed to have been prohibited. But at this site, I was told, we had copies of the Microsoft Windows source code. And the Computer Laboratory had contracts with GCHQ and the NSA, and we had regular visits from people were very obviously CIA agents. And upstairs there was an Intel research laboratory which was mysteriously shut down late one Friday evening. All the research students had their work siezed, I think. I wonder why? Chris Hadley can surely tell you more.

I am looking forward to the study of photocopier data security too!

No comments:

Post a Comment