Geek and Geekhag podcast number eleven – The Experience

Sarah and I discuss a few things in this one-hour podcast. Some I've talked about in previous blog entries; others are quite new.

  • Xbox 360 hacked?
  • Sanyo HD Camcorder
  • Movie Piracy
  • It's the experience that counts
  • Snakes on the plane
  • Don't copy that floppy
  • Geekdinner
  • Rocketboom
  • Police with guns
  • Sarah's now British


BA site compromised, again?

British Airways

From Slashdot yesterday, Identity Theft from Tossed Airline Boarding pass?

The Guardian newspaper has a great story about how the gathering of information for anti-terrorist passenger screening databases allowed a reporter and security guru Adam Laurie to lay the groundwork for stealing the identity of a business traveller by using his discarded boarding-pass stub. From the article: We logged on to the BA website, bought a ticket in Broer's name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details – including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information.

So my take on it is, maybe this story is not quite what it's cracked up to be. According to many Slashdotters, they're calling bullshit. But in the past I've also seen how easy it is to exploit BA's online system. I'm actually sure I emailed BA over two years ago and maybe blogged it a while ago. See, the problem I had was that my password timed out and I needed to get an e-ticket for the return journey. So I logged in as Sarah, who had a different account, then changed a few things in the URL and bingo, I was able to see my account details including address, passport number, etc. Now, from what I remember, I couldn't get the password, but I could change it (which I did). I do remember the membership number, first name, last name and email address were all I needed to change the account.

I remember being so shocked at the lack of security and privacy that I tried to delete my account once I got back to the UK. I know for sure I told quite a few people about this flaw but can't quite remember exactly who. Honestly, the problem seems to be when you're already logged in and accessing someone else's account other than your own. Anyway, I guess I should go and see if I can get my old details without a password… Hopefully some mainstream attention like this will force BA to recheck their site and maybe solve the flaw I identified all that time ago.
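What both the Guardian story and the URL trick above describe is an insecure direct object reference: the site selects the account record by an identifier the client supplies (a membership number printed on a boarding pass stub) instead of by who is actually logged in. The following is an added example, not BA's code and not from the article; it is a toy in-memory account store with constructed records, names and numbers, showing the vulnerable lookup beside a hardened one that keys every read and write on the authenticated session.

```python
"""Insecure direct object reference (IDOR) on an account endpoint.

Added example, not BA's code. Reproduces the two failure modes from the
post (a logged-in user editing the membership number in the URL, and a
lookup that accepts a frequent-flyer number with no password) beside a
hardened version. All accounts, names and numbers are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Account:
    member_id: str
    first_name: str
    last_name: str
    email: str
    passport_no: str
    password: str  # plaintext only to keep the toy small; never do this for real


@dataclass
class Session:
    member_id: Optional[str] = None  # principal proven by login, or None


class Forbidden(Exception):
    pass


def sample_accounts() -> Dict[str, Account]:
    """Constructed data: two unrelated frequent flyers."""
    return {
        "1234567": Account("1234567", "Alice", "Example", "alice@example.org",
                           "P0001111", "hunter2"),
        "7654321": Account("7654321", "Bob", "Example", "bob@example.org",
                           "P0002222", "correct horse"),
    }


def login(accounts: Dict[str, Account], session: Session,
          member_id: str, password: str) -> bool:
    acct = accounts.get(member_id)
    if acct is None or acct.password != password:
        return False
    session.member_id = member_id
    return True


class VulnerableService:
    """Selects the record by whatever id arrives in the URL."""

    def __init__(self, accounts: Dict[str, Account]):
        self.accounts = accounts

    def view(self, session: Session, member_id: str) -> Account:
        # Bug: the session is never consulted. Anyone holding a membership
        # number gets the record, logged in as someone else or not at all.
        return self.accounts[member_id]

    def update(self, session: Session, member_id: str, **fields) -> Account:
        acct = self.accounts[member_id]  # same missing check on the write path
        for name, value in fields.items():
            setattr(acct, name, value)
        return acct


class HardenedService:
    """Keys every operation on the authenticated principal, not the URL."""

    EDITABLE = {"email"}  # example policy: identity fields need a separate flow

    def __init__(self, accounts: Dict[str, Account]):
        self.accounts = accounts

    def _owned(self, session: Session, member_id: str) -> Account:
        if session.member_id is None:
            raise Forbidden("authentication required")
        if session.member_id != member_id:
            # Same error whether or not the other id exists: no enumeration oracle.
            raise Forbidden("not your account")
        return self.accounts[session.member_id]

    def view(self, session: Session, member_id: str) -> Account:
        return self._owned(session, member_id)

    def update(self, session: Session, member_id: str, **fields) -> Account:
        acct = self._owned(session, member_id)
        for name, value in fields.items():
            if name not in self.EDITABLE:
                raise Forbidden(f"{name} is not editable from the web form")
            setattr(acct, name, value)
        return acct


def _returns_record(call) -> bool:
    try:
        call()
        return True
    except Forbidden:
        return False


def demo() -> Dict[str, bool]:
    """Run the post's scenarios; True means the request returned the record."""
    out = {}
    vuln = VulnerableService(sample_accounts())
    alice = Session()
    assert login(vuln.accounts, alice, "1234567", "hunter2")
    # Logged in as Alice, edit the id in the URL to Bob's membership number.
    out["vuln_cross_account_read"] = vuln.view(alice, "7654321").passport_no == "P0002222"
    # No password at all, just the number from a discarded stub.
    out["vuln_no_login_read"] = vuln.view(Session(), "7654321").passport_no == "P0002222"

    hard = HardenedService(sample_accounts())
    alice = Session()
    assert login(hard.accounts, alice, "1234567", "hunter2")
    out["hard_cross_account_read"] = _returns_record(lambda: hard.view(alice, "7654321"))
    out["hard_no_login_read"] = _returns_record(lambda: hard.view(Session(), "7654321"))
    out["hard_own_read"] = hard.view(alice, "1234567").passport_no == "P0001111"
    return out
```

The point of `_owned` is that the record is fetched by `session.member_id`, so the URL parameter is only ever compared against the principal and never used as the lookup key; that one change closes both the cross-account read and the no-password read, and the write path reuses it so the "change the information" case is covered too.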


Messy haxoring with metasploit caught on iptv

It's not quite as cool as it may sound from the title. I just watched episode 13 of my lame-ass IPTV soap, The Scene. Yes, everyone's got their weakness, but if you put this against other soaps like Hollyoaks then it comes out quite well. Anyhow, I got a real kick out of the main character trying to get root on a Windows box hosting an FTP server. They used the well-established Metasploit to find a flaw and exploit it. To be fair, it's one step up from the hack in The Matrix Reloaded and they did do a little homework to use the nice open-source framework Metasploit. It's certainly a fine line between security tester and exploiter, but the best tools always are.

Talking of which, if you didn't catch the Security Now podcast number 9 about rootkits, please do, as it will give you a good old wake-up call. I've been personally aware of rootkits for quite a long time but I didn't know spyware and adware applications were starting to use them just so they can't be removed from a computer. It's crazy, but it's true. Honestly I wouldn't wish a rootkit on my worst enemy; I just can't imagine anything worse. Anyhow, Steve and Leo do a great job explaining how rootkits work. It is, however, really good to know Microsoft and Sysinternals are working on the problem. I did try out Sysinternals' RootkitRevealer on all my machines and I'm clean as expected, but it's good to be sure. I suggest everyone should give it a try, at least till Microsoft add rootkit scanning to their Malicious Software Removal Tool. No one likes to be rooted…
