Full Disclosure mailing list archives
Re: RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 13 Jan 2004 11:33:31 -0600 (CST)
This was not a remote attack, at least not the initial attack <setting up the AP>. That was a physical, access to the site directly walking in the door attack. Certainly not an issue with a publicly open port that was being stepped upon, not until the AP was placed, and then seems to have been accessed by those that placed it. This is a physical security issue if I read the original report properly. Then again, perhaps I misread...

Thanks,

Ron DuFresne

On Tue, 13 Jan 2004 Frank_Kenisky () psc uscourts gov wrote:
Without access to the entire article or knowing more than the media writes it's really not possible to tell. But from what you've posted. That is an interesting story. With some configuration networks can be somewhat secure. But leaving a port wide open to the public is not the best physical security. I have seen this in hospitals. The hospital remodels a public area but somehow leaves ports accessible to the public. I've often thought that it would probably be pretty easy for someone to say purchase a wireless AP (pretty inexpensive these days) sit in the public area (i.e. waiting room) with a laptop or PDA, connect to the AP and start surfing. This of course would require a bit of knowledge but not much.

Frank Kenisky IV, CISSP, CISA
Information Technology Security Specialist
210-301-6433

John.Airey () rnib org uk
01/13/2004 03:10 AM
To ge () egotistical reprehensible net, bugtraq () securityfocus com
cc full-disclosure () lists netsys com
Subject RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]

-----Original Message-----
From: Gadi Evron [mailto:ge () egotistical reprehensible net]
Sent: 11 January 2004 04:07
To: bugtraq () securityfocus com
Cc: full-disclosure () lists netsys com
Subject: [Fwd: [TH-research] OT: Israeli Post Office break-in]

I thought this story might interest some of you. See forwarded message below.

Gadi Evron.

Date: Sat, 10 Jan 2004 19:23:15 -0800
From: Gadi Evron <ge () linuxbox org>
To: th-research
Subject: [TH-research] OT: Israeli Post Office break-in

Mail from Gadi Evron <ge () linuxbox org>

This is completely off-topic, but very interesting.

Apparently there was a break-in in a branch of the Israeli Post Office. The offenders placed a wire-less gateway connected to a switch inside, and through it stole a few tens of thousands of Shekels in the few days they were in operation (the Israeli Post Office is a sort of a small bank).

I can't resist any longer. I have to ask a few questions.

1. How did they know which switch to connect to? Wouldn't this require some knowledge of network topology?
2. If it is indeed a switch and not a hub, how did they obtain access to set this port to monitor traffic?
3. How did they get access to the switch? Shouldn't it have been locked away?
4. How did they convert electrons to money? Was this by raiding bank accounts or collecting credit card numbers?
5. How could they be unable to hide a WAP in a rack (assuming the switch was in a rack)? I can think of several ways to hide one without it being visible.

Seems like a bit of an inside job to me, but I'm no Dick Tracy...

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk

Even if you win the rat race, that will still only make you a rat.

-
DISCLAIMER:

NOTICE: The information contained in this email and any attachments is confidential and may be privileged. If you are not the intended recipient you should not use, disclose, distribute or copy any of the content of it or of any attachment; you are requested to notify the sender immediately of your receipt of the email and then to delete it and any attachments from your system.

RNIB endeavours to ensure that emails and any attachments generated by its staff are free from viruses or other contaminants. However, it cannot accept any responsibility for any such which are transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html