People the Achilles' heel of computer security: hackers, pros

Las Vegas, Aug 7, 2006

The most vexing weakness in computer security is not in the hardware or the software, it is in the people who use the machines, according to top hackers and cyber safety specialists.

"It really is more of a human problem than a technical problem," Dan Kaminsky of Dox Para Research said at the world's premier hacker conference, DefCon, which ended in Las Vegas on Sunday. "We could do a better job making it clear how people can make themselves safe. We can't stop them from shooting themselves in the foot."

Computer network managers at the conference confided that workers routinely left passwords on notes taped to machines or under keyboards and shared supposedly secret access codes with co-workers.

Celebrity hotel heiress Paris Hilton had a trove of contact numbers for famous friends raided by someone who hacked their way into her mobile telephone using a predictable default password, the name of her pet, DefCon attendees joked.

One conference room at the casino where DefCon devotees gathered had a "Wall of Sheep" that bore countless names and passwords "sniffed" from unsecured computers via the Internet.

A popular T-shirt among DefCon attendees was one bearing a quote attributed to legendary hacker Kevin Mitnick, whose notorious attacks were based more on manipulating people than software. "Social engineering specialist, because there is no patch for human stupidity," the quote read.

The Internet is awash with bogus "phishing" e-mail pitches written by con artists and websites designed to trick people into entering personal information or clicking on treacherous links, according to US federal agents.

Online con artists dupe people into downloading hidden computer codes that enable the attackers to take remote control of infected computers, cyber cops at the conference said.

Criminals can then mine computers for valuable personal information, launch attacks on other machines, or even use an unsuspecting person's hard drive as storage space for data such as illegal porn, security professionals said.

"The whole Internet needs what DefCon has, the wall of sheep," said Internet Software Consortium founder Paul Vixie, a conference speaker. "There is no reason to think a packet sent to your computer came from who you thought."

The adage that something that seems too good to be true probably is not true should be valued on the Internet, said Brad Smith, a nurse and psychologist specializing in manipulative word tactics called neuro-linguistic programming.

"You are not the millionth website visitor, your relation in Nigeria did not just die leaving a fortune in a hidden bank account," Smith joked, shaking his head at the notion people are suckered by such blatant cons. "You didn't win a lottery in some foreign country. And filling out a survey form with all kinds of personal information isn't worth it, even if you get the five dollars they promise."

Con artists still trick people into clicking on e-mail attachments carrying viruses or other malicious software by giving files cute or titillating titles.

"If an e-mail looks funny, it probably is funny and when you open it won't be funny," Smith warned.

Even more surprisingly in today's supposedly technically savvy world, people still reveal computer passwords to charming strangers or bullying co-workers, according to Smith.

"You can see the ethical dilemma we are getting into," Smith said. "The average person has no security sense."
The content herein, unless otherwise known to be public domain, are Copyright 1995-2006 - SpaceDaily. AFP and UPI Wire Stories are copyright Agence France-Presse and United Press International. ESA Portal Reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by SpaceDaily on any Web page published or hosted by SpaceDaily.