home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Freaks Macintosh Archive
/
Freaks Macintosh Archive.bin
/
Freaks Macintosh Archives
/
Textfiles
/
zines
/
hir
/
hir7 Folder.sit
/
hir7 Folder
/
hir7-3.txt
< prev
next >
Wrap
Text File
|
1998-12-02
|
12KB
|
270 lines
Hir 7-3
Mobile Hacking part III
By Asmodian X
As always, Mobile hacking is an enormous subject so i suggest you read
up on Mobile Hacking parts one and two. In this section I hope to cover
A bit more on devices, software and go over physical security a bit.
Part 1
Physical Security
Well to put it simply, the company with the most cash has the best
security. So heres a general chart that deals with countermeasures on a
per location basis.
Location | Rent-a-pigs | Company Cops | feds | Video Survalence |
----------------------------------------------------------------
Retail
strip mall yes
----------
stand alone yes maybe maybe (*recorded)
retail
----------
small yes maybe maybe (*recorded)
business
park
----------
warehouse yes yes (CCD)
----------
corporate yes yes (ccd,recorded)
office
----------
Corporate yes yes (ccd,recorded)
HQ (big guys w. guns)
----------
Govt. office yes yes, yes, yes
(*Don't go near
fed. offices*)
I can imagine you saying now, "Geez asmo, what are we talking
about Burglary" To that I would have to emphatically say NO! The point
here it to rummage through what they already don't care about. Ie the
Garbage cans. Yes, the entire point of this section is about trashing.
Taking the saying, "another mans trash is another mans treasure," to
heart. You see our government has grown so entangled with laws and
regulations, that it has become impossible for a company to just GIVE
stuff away. There's mountains of paper work to just GIVE stuff away,
therefore its cheaper to pay Defenbaugh <or whatever trash service the
company uses> to take everything away for you.. out of sigh out of mind
right?
Well Generally, company's still care (*for some dumb reason or another*)
about their garbage. A few company's even feel that it requires armed
guards to keep those (*evil people*) out of their stuff . So thats the
main intent of this article, how to avoid trouble when going through some
one else's garbage. Legally speaking, if all your doing is trashing, the
most you will ever run into is tress-passing charges. Which isn't really
worth prosecuting so they just tell you never to come back.
In my table above, I listed some locations and in general terms what
external security those locations would probably have. Keep in mind that
the more important the location, the better the defenses.
Rent-a-pigs: Privately owned security officers who's job is to
patrol a large area and keep it free of disturbances. They usually don't
make a habit of hanging around the dumpsters.
Company Cops: Security Officers who are hired for the specific purpose of
patrolling a single company. They are more common amongst larger
installations, and are less privy to intruders. Avoid these people.
Feds: If your dealing with feds.. please format your drive now...
if your that stupid... We never met... Happy Nachos to you and say hi
to Kevin Mitnick for us.
Cameras: Well there's two uses for cameras, 1.) To look at after the fact
and identify suspects. 2.) To watch everything from a central point and
then direct your boys to hot spots. Ie.. there's a bunch of kids
trashing.. go get 'em J.D.
If your going to go up against some security, don't just run in. Do some
planning..
Part 2
Mobile Electronics.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Item Attack platform|Server|dial-out|Term. |
TI-Calc* no no no yes
Old Laptop no no yes yes
Palmtop yes no yes yes
Laptop yes yes yes yes
Desktop yes yes yes yes
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
If you need gather information, chances are that you need to some kind of
electronic device to access the net. Well heres some more thoughts on
mobile computing.
To start off, id like to give honorable mention to the TI calculators.
TI calculators have been one of the more popular requirements for
algebra classes everywhere. Because of this, there have been more
programs and doo-dads made available for it than macintosh <not really but
there's a lot of stuff for it.> For instance, there is a terminal emulator
program available for TI-8x series of calculator which turns the
calculator into a dumb term, of course you would need the serial cable.
Specs for the Serial cable can be found at HTTP://www.ticalc.org, you will
also find a large software archive for the TI-8x series of calculators.
It is not too hard to find a cheepo 286 lappie. Just something with a
screen, some ram, and form of storage media, and a floppy drive.
A battery is always a plus, although you can always substitute a UPS.
Typically this configuration provides an ideal dumb terminal <with some
form of communications software like Telex > or a dial out if you can get
ahold of a modem.
If you have the cash, you might even consider an upper end PDA or Palmtop
computer. These handy devices are usually self contained with display
keyboard and battery's, plus some internal storage. The newer ones use an
operating system called Microsoft Windows CE v. 1.x or 2.x. And its
pretty easy to find utility's for it at HTTP://www.hpc.net
For more information on HPC's see some of my previous articles on HPC's at
HTTP://www.hir.home.ml.org/. I consider Windows CE as an attack
platform because Windows CE <both versions> have a TCP stack, and PPP
dial-out capability's. Not to mention it has a built in PCMCIA card slot,
so you can use just about anything on it. bare in mind that WIN CE 2.0 is
the only version as of date that supports NIC(*Ethernet*), cards.
Ahh, the laptop! All the whole-grain goodness of a desktop crammed into
an itty bitty proprietary case. Typically a full powered laptop has about
3 hours of un-plugged use before you need to re-charge the battery. With
a newer laptop, you will have dual PCMCIA card slots, complete with the
usually Parallel and serial slots and maybe even an IR port and a USB port.
Laptops make decent Servers and exelent attack platforms.
A desktop can run just about anything but simply lacks portability. So it
could be considered a Server or an Assault platform. In general, a person
could hack with a plastic spork and a rubber ducky, but its probably
easier if you stick to using something technological.
Part 3
Operating systems
Now you got your Slash Bang 2000 486 laptop, now what do you run on it.
PC (80x86 or pentium) Opperating Systems
Device Dos Win 3x Win 9x Win NT Linux BSD SCO
---------------|-------|-------|-------|-------|-------|-------|------
old Laptop yes maybe* no no maybe* maybe* no
newer Laptop yes yes yes maybe* yes yes yes
Desktop yes yes yes yes yes yes yes
------------------------------------------------------------------------------
Please note the first four entry's are all made by Micro$loth(tm). There
are generic versions of Dos, like DR. Dos, Free DOS and a few others.
Free DOS is a GNU MS/PC 3.x DOS compatible OS, more information can be
found at HTTP://www.freedos.org/. The Latter 3 are Unix derivatives and
are generally free, except SCO Unix. SCO Unix is a commercial
implementation however there are free Non-commercial licenses available.
Linux and Free BSD are free, and covered under the GNU free software
policy.
Free/PC/MS/DR DOS
Plus:
The version you might want to shoot for is MS-DOS 5.0 compatibility.
There are more dos productivity applications available than ANY OTHER
OPPERATING SYSTEM. Not to mention dos runs on ANY PC based computer.
You can find dos drivers for DOS MUCH easier than with the Unixes. They
also have much better commercial support in general.
cons::
Dos is a Single user, Single processing operating system. Any
Multitasking is done on the application level. Memory management is
Horrid, if not non-existent. Its a 8 bit operating system thats
impossibly archaic.
Windows 3.x:
plus:
It utilizes the 386 instruction set and performs multitasking. Has an
*easy* to use GUI, and there are many applications available for it.
It runs on pretty much any 386 class CPU with a video adaptor.
Cons:
Runs on-top of dos... inherently unstable. See DOS for rest of
complaints.
Windows 9x:
plus:
Every one uses it now. much better memory management. Does not rely on DOS
to run. network capability is much better than win 3x. Much more stable
than Win 3.x. has multi user capability and some security features
con:
Every one uses it now. Multi user Wanna be. Marketed to be several
things it wasn't.
Windows NT:
plus:
Stabler than windows 95, has Multi user, high speed file system.
Multi user. Runs windows dos/3x and win 9x programs. Full 32 bit os with
multi processing support yadda yadda....
cons:
In the way of networking and being a *SERVER*, it isn't very secure. A
person would need to install a great deal of Patches and bug-fixes before
I would even bother to use it as a server. Its protection mechanisms are
dwarfed by Novell netwares permission setup and file permission setup..
not to mention that it costs WAY too much. And when NT says it CAN use up
to 32 processors it does not mention that you OUGHT to use 32 processors..
because the Opperating system it self is so huge that it requires a monster
computer to run it as a server, under a typical network load.
Linux:
Pros:
Linux can run on any 386 class Intel compatible processor, you can run it
with as much as 4 megabytes of memory, but generally requires a swap file
to load correctly. Linux is FULLY POSIX compliant and is SYSTEM V
compliant. It is a full FREE implementation of UNIX, and is one of the
most popular non-Microsoft operating systems. Is also a full development
environment. There is also a plethora of support available on the net.
A person can even run a GUI, such as XFree86. When set up right, Linux
can out gun any NT server in the way of speed and services.
Cons:
Unix environment is Complex, and generally more text based. Because of
this, only people that have intermediate to expert level of knowlage about
PC-based computers should consider using Linux. There is also NO
commercial backing, if the server crashes, there's no one to sue but your
self. there are also a limited amount of drivers available for devices and
virtually no support for proprietary devices such as PDA interfaces, some
digital cameras and other peripheral devices. Linux is a MULTI USER
system which means that it dose not make a very good Home, desktop
Multimedia PC. If your looking for an Assault platform and you don't want
to get into the nitty gritty details of setting up Linux, then forget it
and use Windows 9x.
BSD:
pluses:
BSD is more like a heavy duty UNIX distribution, it has Better memory
management than Linux and is generally more stable. The actual code
under goes more over seeing and is generally cleaner than Linux. In fact,
a great deal of Linux software was ported from BSD. Generally, if your
going to run a server, do it with BSD. BSD will also Run some Linux
binarys.
Cons:
Bsd is slower to release new software and drivers, consequently
hardware drivers are harder to find. PCMCIA support is known to Lag, and
for that reason, I don't not recommend BSD for a laptop.
* Writer note: When I was at las Vegas at DefCon 6.0, the NetBSD people
had to go around begging for another brand of PCMCIA NIC card because the
card services were on the Fritz. The Linux people had no problems
what-so-ever.
SCO UNIX
pluses:
SCO Unix is a commercial implementation of Unix which means there's support
available for it, not to mention that every driver disk I've ever looked at
has SCO drivers. In addition you actually have some commercial ports of
software like MS-WORD and WORKS and stuff for it.
cons:
SCO does not have the open software background, which means its a bitch to
patch. Typically the free Unixes are patched faster then the commercial
ones because its a huge communal effort versus a centralized commercial
effort.