Comments on: FEMA: Old school hacks are less embarrassing? http://www.mckeay.net/2008/08/21/fema-old-school-hacks-are-less-embarrassing/ The views of one man on security, privacy and anything else that catches his attention Thu, 29 Jul 2010 22:22:29 +0000 hourly 1 http://wordpress.org/?v=abc By: SecurePuter http://www.mckeay.net/2008/08/21/fema-old-school-hacks-are-less-embarrassing/comment-page-1/#comment-3252 SecurePuter Tue, 26 Aug 2008 15:24:42 +0000 http://www.mckeay.net/2008/08/21/fema-old-school-hacks-are-less-embarrassing/#comment-3252 This is reminiscent of the “old school” Mathew Broderick tactics in Wargames. I bet you could still use a paper clip to get a free call on a pay phone, albeit if you could find one. This is reminiscent of the “old school” Mathew Broderick tactics in Wargames. I bet you could still use a paper clip to get a free call on a pay phone, albeit if you could find one.

]]> By: Martin http://www.mckeay.net/2008/08/21/fema-old-school-hacks-are-less-embarrassing/comment-page-1/#comment-3197 Martin Thu, 21 Aug 2008 20:34:05 +0000 http://www.mckeay.net/2008/08/21/fema-old-school-hacks-are-less-embarrassing/#comment-3197 You bring up a good point, Bozidar: a good hacker will have used the PBX as a starting point and moved on to other systems from their. I wouldn't want to be the one explaining how this had happened in the first place, whether it was the result of a consultant or an employee. Fun stuff. You bring up a good point, Bozidar: a good hacker will have used the PBX as a starting point and moved on to other systems from their. I wouldn’t want to be the one explaining how this had happened in the first place, whether it was the result of a consultant or an employee.

Fun stuff.

]]> By: Bozidar Spirovski http://www.mckeay.net/2008/08/21/fema-old-school-hacks-are-less-embarrassing/comment-page-1/#comment-3196 Bozidar Spirovski Thu, 21 Aug 2008 20:19:30 +0000 http://www.mckeay.net/2008/08/21/fema-old-school-hacks-are-less-embarrassing/#comment-3196 Spot on comment! Being hacked by a wardialer simply indicates a gross incompetence on the side of the installer. But it's not only the installer that should worry. FEMA procedures should MANDATE change of all default passwords on all equipment, so the FEMA Chief Security Officer has an investigation to make, and probably a lot of explaining to do to his boss. Another thing - a good hacker may still have access to the system, or has expanded to other areas of the systems so this will be a lot of work for Homeland Security Bozidar Spirovski http://www.shortinfosec.net Spot on comment! Being hacked by a wardialer simply indicates a gross incompetence on the side of the installer. But it’s not only the installer that should worry.

FEMA procedures should MANDATE change of all default passwords on all equipment, so the FEMA Chief Security Officer has an investigation to make, and probably a lot of explaining to do to his boss.

Another thing – a good hacker may still have access to the system, or has expanded to other areas of the systems so this will be a lot of work for Homeland Security

Bozidar Spirovski
http://www.shortinfosec.net

]]>