Hackers pierce network with jerry-rigged mouse

Quote: "Deprived of the low-hanging fruit attackers typically rely on to get a toe-hold onto their target, Netragard CTO Adriel Desautels borrowed a technique straight out of a plot from Mission Impossible: He modified a popular, off-the-shelf computer mouse to include a flash drive and a powerful microcontroller that ran custom attack code that compromised whatever computer connected to it."
» www.theregister.co.uk/20 ··· _attack/

said by Mister_E:
Quote: "Deprived of the low-hanging fruit attackers typically rely on to get a toe-hold onto their target, Netragard CTO Adriel Desautels borrowed a technique straight out of a plot from Mission Impossible: He modified a popular, off-the-shelf computer mouse to include a flash drive and a powerful microcontroller that ran custom attack code that compromised whatever computer connected to it."
» www.theregister.co.uk/20 ··· _attack/

Nice attack, nice use of social engineering and technology, and if this is what it takes to get into their systems, not bad security. However, and maybe I should say this louder to make my point, HOWEVER, it's a waste of time and money if there were easier ways to exploit their systems, as the idea here is to do a security assessment and find out what the easiest and more common ways into their systems are so you can fix them. What they got here is to tell their employees not to connect any hardware that wasn't issued by the company to their systems (should be a given, but needs reinforcement apparently, same as those attacks where you scatter USB keys near your target and hope that one gets picked up and plugged into a system you are targeting), and watch out for Tom Cruise hanging on a thread at night.

The idea behind penetration testing isn't to display your leetness (such gigs do exist, but I question their value), but to explore and report on the client's systems from the bottom up, not just from the insanely top down. I'm hoping that the news article simply didn't say that and Netragard did a complete job, as I would suspect they did.

Is any site truly impenetrable to all attack vectors? Haven't seen one yet.

Blake
-- Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool

K McAleavey Premium Member join:2003-11-12 Voorheesville, NY

Now that's an amusing angle! I don't remember seeing the golden rule in the article though, "if they sit down at your computer, it is no longer yours." Whoops.

-- Kevin McAleavey, now with the KNOS Project.

to Mister_E

A better read is Netragard's blog:
» pentest.snosoft.com/2011 ··· ice-hid/

Blake

Link Logger
to K McAleavey

said by K McAleavey:
"Now that's an amusing angle! I don't remember seeing the golden rule in the article though, "if they sit down at your computer, it is no longer yours." Whoops."

I preferred the Bluetooth sniper rifles for wireless keyboards and mice that used Bluetooth.

Blake
In short, I loved anything wireless.
-- Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool

Anon
2011-Jun-30 12:24 am

then THEY might be able to KILL YOUR LOCK SCREEN by plugging a 'mouse'......Worst nightmare comes true

K McAleavey Premium Member join:2003-11-12 Voorheesville, NY
to Link Logger

Heh. Obviously you're not enough of a spook, son ... IR was where it was at - those shiny little WebTV keyboards and such that could be picked up from across the street as the IR pulses lit up the room. You need some serious amplifiers for that Bluetooth stuff.

-- Kevin McAleavey, now with the KNOS Project.

said by K McAleavey:
"Heh. Obviously you're not enough of a spook, son ... IR was where it was at - those shiny little WebTV keyboards and such that could be picked up from across the street as the IR pulses lit up the room. You need some serious amplifiers for that bluetooth stuff."

Hand held with a range of a mile is ample for a Bluetooth sniper (gives me "I can see you, but you can't see me" range).
» www.npr.org/templates/st ··· =4599106

I love Bluetooth because phones, cars, headsets etc. all use it, so it's like a smorgasbord out there. You don't want to know what they could do with light reflecting off a living room wall, but then again it was easy to defend against by closing the curtains.

Blake
Hmmm, the Kinect as a hacking tool, oh ya baby be naughty for daddy..... Somehow I see Austin Powers saying that.
-- Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool

K McAleavey Premium Member join:2003-11-12 Voorheesville, NY

Heh. Worked with spooks years ago. My favorite is the 10 degree angle off an office building window with a laser from a good distance away. Ever wonder why smart people have speakers and muzak playing to the windows loudly at Langley and other spots?

But my favorite was using the old fashioned ringers on the 400 telephone sets with nice big differential amplifier across the pair. Those inductive ringers made GREAT microphones. That's why I enjoy reading the rantings of paranoids over privacy and why I got into the business many years ago of solving the issues for a small fee. But no need for any of that anymore - people install windows voluntarily. Heh.

-- Kevin McAleavey, now with the KNOS Project.

Snowy Premium Member join:2003-04-05 Kailua, HI
to Link Logger

said by Link Logger:
"Nice attack, ...HOWEVER it's a waste of time and money if there were easier ways to exploit their systems as the idea here is to do a security assessment and find out what the easiest and more common ways into their systems are so you can fix them, ..."

Hmm, consider both ends of the transaction. An exotic way to highlight a low tech attack vector. The exploit is common & is old as the hills but nonetheless the target didn't get it right even after prepping for the attack. Sounds like one heck of a way to get an old message across more than about being exotic, especially in light of the preparation the target most certainly had.