Random Entry: Poor Security Example
< Keeping Busy | Russell and the Knockerbot >

User Education and Paranoia

Last night I got a phone call from a friend. She said that her friend's computer, which is on our universitie's internal residence network, had been hacked. She asked me what she should do. I told her to unplug the computer from the network but leave it on and not touch it. I then asked her to tell me what made her think it had been hacked before we jumped to any conclusions.

UPDATE: As if reading my mind, Joat provided Bleeping Computer's 'Have I Been Hacked' a nice quickie for the intermediate tech, but don't give it to grand-ma.

As her machine was behind two firewalls it was likely that the attack came from inside Rhodes, so I was waiting for something about a boyfriend reading her e-mail or the like. What I got was something like: My computer told me a network cable was unplugged, but I wiggled the cable and it definately was plugged in. Then my friend told me to restart my computer and when I did it asked me for a password on all three of the user accounts, even guest. I never had passwords before.

Hmmm, probally not a hack then. It turns out her computer had just been configured to use the network and it was windows asking for a password. The network cable unplugged message was due to their switch being fixed.

Can any deeper more meaningful conclusions be drawn from this? I thought of a few relating to the success of spyware in paranoid environments and why this paranoia doesn't translate to basic defense, but in all likelihood they wouldn't scale beyond this one incident and user.

Friday, March 4. 2005
Posted by Dominic White in Security
Comments (0) | Trackbacks (0)

Last modified on 2005-03-07 00:19

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry