[HN Gopher] Searching for Susy Thunder
___________________________________________________________________
Searching for Susy Thunder
Author : DamnInteresting
Score : 453 points
Date : 2022-01-27 05:43 UTC (17 hours ago)
(HTM) web link (www.theverge.com)
(TXT) w3m dump (www.theverge.com)
| zhdc1 wrote:
| > As for the woman on the other end of the line, she seems
| concerned with statutes of limitation. She's married now and
| lives a quiet life in a large Midwestern city, collecting coins.
|
| Guessing there's a chance this might be her?
| https://www.thesprucecrafts.com/susan-headley-768108
| ChrisMarshallNY wrote:
| I doubt it. I'll bet that lady gets a lot of weird questions
| that have nothing to do with coins, though.
|
| It sounds like the real Susan H. had a fairly intense life. A
| lot of the stuff that she's credited with, does not age well.
|
| I'm hoping that she has managed to find some modicum of
| happiness and peace.
| waffle_maniac wrote:
| > eBay dealer of ancient Roman coins
|
| The article says she had a coin hobby.
| ChrisMarshallNY wrote:
| Hmmm... maybe.
|
| In any case, she wants to be left alone. I have no interest
| in doxxing her.
| knome wrote:
| Looks like both her introduction and some of the "hippo-hips"
| messages can be found in this 8BBS dump.
|
| https://archive.org/stream/8BBSArchiveP1V1/8BBS_Archive_P1V1...
|
| Seems it was digitized from dot-matrix printout by a
| packrat/historian who got the logs alongside some old gear they
| were buying.
|
| http://silent700.blogspot.com/2014/12/is-this-something.html
|
| Found this while poking around. Seems someone representing
| themselves as one of the DEC employees that ran 8BBS dropped a short
| message about it on everything2 back in 2006.
|
| https://everything2.com/title/8BBS
|
| https://everything2.com/user/FTCnet
|
| And here's a 1987 interview with the Tuc that acted as the
| contact at the beginning of the article.
|
| http://protovision.textfiles.com/phreak/tuc-intr.phk
| kingcharles wrote:
| That 8BBS dump is incredible. The fact that someone realized
| what they had and took the time to scan it. When I was reading
| it before I read your 2nd link I wondered what the cause of all
| the corruption was - perhaps poor quality coupler connection -
| but it was actually OCR failure from scanning printouts. If
| someone (not I) had the time to go through and fix them, that
| would be awesome.
| wildlogic wrote:
| Ueland wrote:
| What is your point with posting a comment containing just a
| single word? Like, really? What do you hope to achieve with
| that "comment"?
| temp8604 wrote:
| dfsegoat wrote:
| Not saying this is the case here, but there is at least a
| historical precedent from WW2, for the one word reply:
|
| _" [McAuliffe] is celebrated for his one-word reply to a
| German surrender ultimatum: "Nuts!"_ [1]
|
| 1 -
| https://en.wikipedia.org/wiki/Anthony_McAuliffe#%22NUTS!%22
| kergonath wrote:
| Ha, I did not know this one. What came to my mind was
| https://en.m.wiktionary.org/wiki/le_mot_de_Cambronne . The
| idea is the same.
| 0xedd wrote:
| severak_cz wrote:
| What a character! Like some straight out of some cyberpunk novel.
| ehnto wrote:
| > Headley was one of the first females to join one of the most
| renowned hacking groups in history, Cyberpunks.
|
| https://en.wikipedia.org/wiki/Susan_Headley
| bArray wrote:
| > One day she asks me, "You know why nobody knows who I am?"
|
| > No, I say, thinking back to a year previous -- before the
| plague, before our phone calls, before I finally found Susan,
| when her name still meant nothing to me.
|
| > "Because I never got caught," she says. "All the best hackers,
| all the best phreakers in the world, we don't know who they are
| because they never got arrested. And they never went to prison.
| This is why you don't know who the best ones in the world are.
| This is the truth. Think about it."
|
| And it's that kind of arrogance and survivorship bias that gets
| you thinking you're better than you are. She was lucky she was
| not caught, or the others were unlucky they did get caught. The
| people around her that she considered as her fellow peers got
| caught after all.
|
| > I went looking for the great lost female hacker of the 1980s. I
| should have known that she didn't want to be found.
|
| But then she _WAS_ found for the purpose of writing this article.
| So if not getting caught is the measure of being a good hacker...
| And she'll be incredibly easy to track down now.
|
| > Kevin Mitnick publicly maintains that he had nothing to do with
| the destruction of the US Leasing files. In his autobiography, he
| characterizes Susan as a "wannabe hacker" who took revenge on him
| and Lewis using a backdoor into the US Leasing system that he had
| created.
|
| I'm inclined to agree with Mitnick. There are numerous examples
| in this article alone of her acting in a vengeful manner, e.g.:
|
| > But when one of her exasperated targets called her a small-
| brained little twerp, Susan got mad. In retribution, she called
| the phone company and, posing as the woman, had her phone number
| changed.
|
| And really how likely is this to actually be true:
|
| > She claims to be one of only three women to have slept with all
| four Beatles, securing the trickiest, Paul McCartney, through an
| elaborate pretext that involved having his wife Linda whisked
| away in a limo for a staged photoshoot.
|
| It reads like the wishful thinking of somebody who had bigger
| dreams than their own reality, clinically delusional. Some of
| these things I could let go, but there is too much "it happened,
| trust me". Bear in mind that the _ENTIRE_ point of social hacking
| is to spin a lie so good that you believe it yourself.
| rsync wrote:
| Are you bstring ?
| makeworld wrote:
| > But then she _WAS_ found
|
| Her friends were found. The journalist only got her email after
| Susan agreed for her friend to share it.
| ggm wrote:
| Social engineering attack. How you find OBL is to ask around.
| Pretend to be vaccine staffers.. never mind the longterm
| damage to field vaccinations staff.
| root_axis wrote:
| A gigantic ego and an overstated sense of self-importance:
| sounds like the archetypal hacker to me...
| JediPig wrote:
| pfft.. most were recruited to work in a base.
| edub wrote:
| My first job out of school was at a dot-com in Vegas in the year
| 2000 initially as the network administrator. Susan was the
| Director of Marketing. My first interaction with her was typical
| assisting someone with some issue or another, but I noticed her
| book shelf was full of very technical books, and it turned out
| she was a Microsoft Certified Solutions Expert and I was just a
| simple MCP (I was new to Windows NT, my background was in
| Netware). I was about 22 and she was about 40, and it was very
| intimidating at the time, especially after I learned she was
| Susan Thunder.
|
| While the company was downsizing (dot-com bust) the CTO told me
| to batten down the hatches while Susan was being laid off. I told
| him that I'm fairly confident she knows more about NT than I do
| and that I didn't think I could do enough to secure things, so we
| more or less shut things down for the night.
|
| I sort of remember the whole company being scared of her in
| general. I don't know why though, she was always very nice to me
| and seemed pleasant in general. It was an overreaction to shut
| down the network that night, Susan never attempted revenge. In
| hindsight, she was probably an adult that understood that
| companies fail and it wasn't personal.
| herodoturtle wrote:
| Wikipedia page featuring her, for those that are interested:
|
| https://en.m.wikipedia.org/wiki/Susan_Headley
| SpaceInvader wrote:
| Sign of the times with those mobile links ;)
| herodoturtle wrote:
| Sign of the times with omitting the nose :)
| The_Colonel wrote:
| In case of Wikipedia, I'm not even mad. Their mobile
| interface is better than the desktop one.
| teddyh wrote:
| https://addons.mozilla.org/en-US/firefox/addon/skip-mobile-w...
| richardfey wrote:
| It's a delightful write up and her story is 100% worthy to be
| told, however I wouldn't trust the hacking stories because
| there's no way of verifying them. Too easy to add embellishments.
| Freskis wrote:
| She claims to have slept with all 4 members of The Beatles.
| Methinks most of the stories she tells are nonsense, but she
| suits the prevailing narrative for a certain segment of the
| media.
| aortega wrote:
| She also claimed she entered area 51. Likely she was playing
| with the interviewer to see how much bullshit she would
| believe.
| Someone wrote:
| But that's easy. If the writer fact-checked this article
| (did she even talk with the real Susy Thunder?) before
| publishing it, it would be very short, and wouldn't get as
| many clicks. That isn't in the interest of the writer.
| aortega wrote:
| Yeah, the writer cooperated in writing bullshit, because
| bullshit sells. She didn't fact check a single thing on
| purpose.
| ryantgtg wrote:
| Entertainment sells. Putting a "well actually" after each
| statement by the subject would reduce the entertainment
| value. This article is a narrative of the subject's life
| told from various perspectives. The stories conflict, and
| as readers we can decide where the truth lies.
| hguant wrote:
| It's The Verge; they aren't really well known for giving
| a shit about technical accuracy or fact checking.
| jlkuester7 wrote:
| They can't stop us all...
| crocwrestler wrote:
| >she figured out how to set off US missiles from a phone
| booth
|
| Uhuh, yeah, ok
| Freskis wrote:
| Good point. So perhaps she is a genius at social-
| engineering and managed to "play" the journalist by
| appealing to the journalist's pre-conceived notions about
| her.
| aortega wrote:
| You don't need to be a genius to play a journalist.
| TonyTrapp wrote:
| The point is also made in the article:
|
| > It's not lost on me, as she tells these stories, that I'm on
| the phone with a phone phreaker or that I'm attempting to tell
| the true story of an expert deceiver
| caaqil wrote:
| > When she was asked to tell a lie, she would tell the truth.
| When she was asked to tell the truth, she would lie. She
| manipulated her breathing, balled her hands into fists against
| the chair, and pressed her feet hard against the floor, causing
| her hands to sweat and her blood pressure to spike. The polygraph
| test was inadmissible.
|
| This is a tangent but it's mind-boggling that this piece of
| pseudoscientific garbage [1][2][3] is still used by supposedly
| legitimate government agencies.
|
| [1]: https://www.apa.org/monitor/julaug04/polygraph
|
| [2]: https://www.apa.org/research/action/polygraph
|
| [3]: https://www.nap.edu/read/10420/chapter/5#101
| serverlessmom wrote:
| I was thinking that too. It's really wild to me how much of the
| technology we allow courts to rely on is totally unreliable and
| fake.
| acatton wrote:
| I have no opinion on Rittenhouse, but I watched his trial as
| a non-American for the show.
|
| It was mind-boggling, to me, the argument on the iPad zooming
| feature[1]. This was three people -- with no technical
| knowledge at all -- arguing about a technology which,
| ultimately, could influence the rest of the life of a fourth
| person...
|
| How often does this happen and is not recorded by a camera?!
|
| [1] https://www.youtube.com/watch?v=sf7xCMFBv5c
| mcv wrote:
| Especially the "I have no idea what I'm talking about, but
| you should take my argument seriously anyway" that the
| defense started with in that video. The prosecution should
| have eviscerated that argument.
| elahieh wrote:
| Polygraphs are the "fan death" of America.
| albatrosstrophy wrote:
| That's the perfect analogy I could never think of.
| [deleted]
| aortega wrote:
| Once again, the media trying to pass someone with social
| engineering skills as a hacker. You might as well call it Lying
| engineering, those people are just good at lying and
| manipulation, for me, hacking is another entirely different
| activity.
|
| Also she ratted on Mitnick, those people are called informants,
| not hackers.
| megapolitics wrote:
| It's perfectly possible to be both an informant and a hacker.
| reshie wrote:
| it does fit a specific definition. it manipulates to get
| information. hacking manipulates software to get information
| they would not otherwise have access to as well.
| wjnc wrote:
| For me the anarchist in 'the anarchist cookbook' and
| newsletters that were spread via BBS and early internet capture
| the hacker (as in 'hacker news') spirit quite spot on. Haven't
| we come full circle with social engineering being one of the
| main digital crimes? A good pentester has good social
| engineering skills. I expect a 'hacker' not to have too much in
| common with a 'con man', but a 'con man' with technical skills
| or interests seems to fit with 'hacker'? It's all loose
| categorization based on stereotypes anyways.
| radicalbyte wrote:
| That and the Jolly Roger Cookbook.. those were the days.
| aortega wrote:
| >A good pentester has good social engineering skills.
|
| There is a difference between a pentester and a con man.
|
| A con man with technical skills is still a con man. A hacker
| is more similar to a modern-day wizard commanding computers
| to do his bidding.
| geocrasher wrote:
| Right. The pentester gets the money up front.
| Dah00n wrote:
| Mitnick using social skills to get a pincode for a door is
| also hacking even though he didn't need to use any computer
| commanding skills.
| aortega wrote:
| IIRC Mitnick is good at technical hacking, but mostly
| known for being a master at conning people. Not as good
| as the cops that got him, surely.
| goodpoint wrote:
| mpenick wrote:
| "When the phone system went electric"
|
| I have trouble getting past this sentence. Did they mean
| "digital"?
| kikoreis wrote:
| Yeah. It might be a reference to "electronic"; this usually
| describes the transition from electromag and crossbar to fully
| digital switching:
| https://en.wikipedia.org/wiki/Electronic_switching_system
| anpat wrote:
| IIRC old telephone lines used to work without electricity not
| sure if they're alluding to that. I don't know how much the
| modern cellphone infra is grid dependent.
| goodcanadian wrote:
| Landlines are still independent of the electric grid . . .
| that is not quite the same as saying "work without
| electricity" as they most definitely do work with
| electricity. The power is provided by the phone line itself,
| however.
| bjornorn wrote:
| I guess they're referring to the upgrade from manual to
| automatic switchboards.
| Taniwha wrote:
| The last line sums it up:
|
| "All the best hackers, all the best phreakers in the world, we
| don't know who they are because they never got arrested. And they
| never went to prison. This is why you don't know who the best
| ones in the world are. This is the truth. Think about it."
| grapescheesee wrote:
| Found her.
| deltaonefour wrote:
| It's not necessarily true. Maybe the best ones were the best
| UNTIL they got caught. Hard to say, given we don't know
| anything about the best if they were never caught.
| brutusborn wrote:
| Not necessarily, but probably true. Same with all the best
| criminals, the best live out their lives and none are the
| wiser as to their actions besides those in the know.
|
| This all assumes that getting caught is a bad thing. For some
| hackers it leads to respect and eventually government /
| private jobs. This is obviously not true for non-technical
| criminals.
| southerntofu wrote:
| > For some hackers it leads to respect and eventually
| government / private jobs. This is obviously not true for
| non-technical criminals.
|
| Errrr, should we tell you about Blackwater, Thales, BAE
| Systems, Bollore, Nestle, Coca-Cola, Alexandre Benalla,
| Serge Dassault, NSA? They are just some examples of very
| famous people/corporations engaging in high-level criminal
| activities ranging from basic corruption to actual slavery
| to wide-scale murder.
|
| We live under capitalism, a system which glorifies criminal
| activity as the path to success and social recognition.
| Sometimes, this criminal activity is legal and you can't
| believe how that's even possible, but many times it's
| illegal but when people/organizations become too
| influential they are far above the law.
|
| Don't even get me started on law enforcement engaging in
| criminal activity such as organizing drugs trade like in
| USA's crack epidemics or with France's chief anti-drug cop
| leading the biggest smuggling ring for cocaine/hashish for
| years. One could even say in some circles, being ready to
| defy the law is a sign you're part of this circle. For
| example, in France at least, murderous cops are more likely
| to get promotions than to get kicked out of police, because
| once they took part in murder and held their mouth shut
| through the shitstorm without compromising
| colleagues/higher-ups, they have successfully demonstrated
| their loyalty to the establishment.
|
| Of course, you're free to not research scandals involving
| the people/organizations I mentioned, take the blue pill
| and go back to dreaming about elections and free market and
| how fair our society is.
| emteycz wrote:
| Legal criminal activity is an oxymoron. The legal system
| defines what is criminal, and that has nothing to do with
| morality.
|
| And even though I'd tend to agree, I absolutely don't
| understand why you're making a connection to capitalism.
| Any other more socialist system was nothing else but much
| worse, and the social democracies of today have just the
| same issues with police etc you're talking about.
| elliekelly wrote:
| You might find the book "The Fish Who Ate the Whale"
| interesting.
| southerntofu wrote:
| > The legal system defines what is criminal, and that has
| nothing to do with morality.
|
| That's not entirely wrong, but "criminal" is often used
| figuratively to refer to morally-abhorrent behavior. I
| took the liberty to employ the word this way to address
| the blind spots of our respective legal systems. I
| personally wouldn't call a weed smoker a criminal but
| would call a murderous cop a criminal: that France's
| legal system does not agree with me is unfortunate but
| irrelevant.
|
| > Any other more socialist system was nothing else but
| much worse, and the social democracies of today have just
| the same issues
|
| That's a debatable point of view, but my opinion is that
| what you refer to as "socialism" or "social democracy" is
| in fact just another brand of capitalism. For example, in
| anarchist circles, the USSR was widely criticized as
| "State capitalism" [0]. In this mental framework,
| laissez-faire capitalism (Rand/Hayek ideals) is yet
| another brand of capitalism, although it has yet to be
| proven that capitalism can exist without nation states to
| enforce it, while stateless communism has a varied
| history throughout the ages.
|
| [0] https://theanarchistlibrary.org/library/emma-goldman-there-i...
| emteycz wrote:
| The problem with criminality is that what we feel like is
| absolutely irrelevant, which is why this is a big
| mistake. The fact is that weed is criminal in
| France/elsewhere in Europe and that is a problem that
| must be recognized because it's immoral. Same re:
| murderous cops and other excesses of criminal systems.
|
| Ad brands of capitalism - well OK, but any place that
| tried any brand of anarchism failed even harder than any
| brand of capitalism ever did, and the end result was much
| worse for the individual people who lived there. The US
| was always a heaven on Earth in comparison, even during
| its worst era of unregulated capitalism.
|
| USSR is the largest example but it was a poor country.
| There were rich countries that voted for true communism
| democratically and even there it devolved into a
| catastrophe in less than a year (after WW2, or after a
| few years for the more recent examples). IMHO human
| nature makes it absolutely impossible to make communism
| work, because it will be immediately taken over by power
| hungry people for their own benefit. Any anarchism that
| might be desired will never be allowed to develop, these
| power hungry people will make sure they control it.
| Retric wrote:
| The US has some seriously dark history including a
| relatively extreme form of slavery. Some failed states
| and tribalism were extremely unpleasant and legitimately
| better places to live.
| emteycz wrote:
| No, it was at best the same, US was never worse - and
| only much better after the abolition. The sad fact is
| that these anarchist places devolved into
| feudalism/slavery and then straight into warlordism. The
| only difference was that the people weren't called slaves
| directly.
| Retric wrote:
| Not all forms of slavery are equivalent. Cultural norms
| evolve to where European serfdom for example was a
| distinct institution. At the other extreme Caribbean
| sugar plantations had a ~50% mortality rate in the first
| year. US slaves were treated significantly worse than
| the average over history, though of course not the worst.
| emteycz wrote:
| It wasn't anything like the distinct European institution
| in these places, which was hell anyways - there was a
| good reason why these people risked death and went to
| America.
| Retric wrote:
| While the most extreme abuses happen in basically every
| society at some level, widespread institutions run into
| real limits. Extremely brutal forms of widespread
| oppression take strong institutes to maintain stability.
| Haiti for example had truly horrific conditions, but it
| couldn't maintain control first seeing significant
| numbers of escaped slaves living off the land then a
| successful uprising. Nazis were brutally efficient at
| working their slaves to death.
|
| At the other end, Native American tribes for example
| would capture people effectively taking slaves but they
| integrated them into their tribes. Similar practices
| were fairly widespread in many cultures without firm
| centralized governments. The captured wife/sex slave
| divide is historically nuanced. Keeping people under lock
| and key takes effort and limits the forms of manual labor
| they can do. Mines were often extremely horrific because
| they were so easily managed. Hunting on the other hand
| requires significant freedom of movement.
| emteycz wrote:
| I don't know what relevance this has to the fact that any
| brands of anarchism anywhere were as bad or worse than
| the US ever was, and (unfortunately - I'd really like
| them to succeed) never better.
|
| > widespread institutions run into real limits.
|
| The only limit of European feudal lords was how many
| people they could kill/cause death before there was
| nobody left to do slave work and fight in wars for them.
| America was a heaven for the serfs.
| Retric wrote:
| There are many historical accounts of freemen in England
| choosing to become serfs. It wasn't freedom, but they had
| real protections. For example they couldn't be sold
| individually only the land they were bound to could be
| sold, which was a major protection keeping families from
| being broken up.
|
| They may have owed their lord specific quantities of
| uncompensated labor, but conversely that meant they had
| socially and legally protected free time.
|
| Also, Serfdom largely disappeared in Western Europe well
| before America was a thing. "In England, the end of
| serfdom began with the Peasants' Revolt in 1381. It had
| largely died out in England by 1500 as a personal status
| and was fully ended when Elizabeth I freed the last
| remaining serfs in 1574" " Serfdom was de facto ended in
| France by Philip IV, Louis X (1315), and Philip V
| (1318).[6][7] With the exception of a few isolated cases,
| serfdom had ceased to exist in France by the 15th
| century. In Early Modern France, French nobles
| nevertheless maintained a great number of seigneurial
| privileges over the free peasants that worked lands under
| their control. Serfdom was formally abolished in France
| in 1789."
| https://en.wikipedia.org/wiki/History_of_serfdom. Various
| exceptions did exist but it simply wasn't that common in
| Western Europe.
| davidwritesbugs wrote:
| Having been caught and done jail time I think that the view
| that "only the dumb ones get caught" is wrong (OK, I would
| say that): intelligence and getting caught are mostly
| orthogonal and I met a, very, small number of extremely
| bright people in jail. The difficulty in executing many types
| of crimes and evading detection is that it is a probabilistic
| process: a criminal activity may be composed of many actors
| with differing motivations and competencies, in a hostile
| environment with unknown features and requiring multiple
| contingent steps. Any misstep in this chain can cause the
| failure of the project and, however clever the player, the
| misstep can be difficult to forecast and non-deterministic.
| elliekelly wrote:
| Have you written about your experience at all? If you've
| got a blog (or even a book!) I'd love to read it.
| davidwritesbugs wrote:
| Others have written about it, it did make case law which
| was 'fun', and I've moved on.
| geocrasher wrote:
| Links?
| ska wrote:
| More generally, humans are generally bad at anything
| requiring the discipline and attention to detail that good
| opsec requires. Ability to do this well probably doesn't
| have much correlation with intelligence (although seeing
| the need for it might).
| JKCalhoun wrote:
| Also sums up what always puts me off these "notorious phone
| phreaks". It's always someone, usually emotionally stunted,
| riding some kind of power trip. Certainly never anyone I would
| admire.
|
| I suppose I shouldn't be so judgmental, they often seem to have
| pretty fucked up childhoods and are no doubt a product of that.
| I just don't see any good that comes from idolizing them.
| karmakurtisaani wrote:
| I always feel kind of sad for all the lost potential due to
| bad childhood conditions. I imagine the types of Bill Gates
| could easily have been one of these kind of hackers under
| less favourable conditions.
| ravenstine wrote:
| Or the ones that got away just knew when to quit.
| lamontcg wrote:
| They went legit and then wrote Stuxnet or something and got
| safely paid a lot of money for it.
| mcv wrote:
| I don't know if that's "legit", but it's probably a lot
| more profitable.
| nkrisc wrote:
| It's legit if the man says it's legit.
| JoelMcCracken wrote:
| right. just like if you kill with the government's
| blessing, it is war heroics, but if you kill without, it
| is murder/etc
| bradwood wrote:
| Right. Exactly like that.
| nkrisc wrote:
| Precisely. You get it.
| zibzab wrote:
| Kevin Mitnick was arrested 5 times before a judge got tired and
| sent him to prison.
|
| Just saying...
| _wldu wrote:
| Courts in the US give people 2nd, 3rd and sometimes 4th
| chances. This is especially true for younger people. They are
| still learning the ropes.
| karmakurtisaani wrote:
| I'm under the impression that skin colour could impact the
| amount of chances given..
| hereforphone wrote:
| Kevin Mitnick is a notoriously good social engineer. Whether
| his technical abilities are extraordinary is up for debate.
| sen wrote:
| I don't think anyone's really debating it except him. All he
| does is steal other people's ideas then use his "reputation"
| to try to sell them for 10x the price.
| alfiedotwtf wrote:
| Yep. When he copied MG's cable, I lost all respect for
| him
| unnouinceput wrote:
| This reminds me of someone else, dude's name was
| something like Job, Joby or Jobeys? Can't recall.
| 2malaq wrote:
| Gob
| oaiey wrote:
| Jabs?
| [deleted]
| renewiltord wrote:
| But not the best businessmen, eh? Considering Kevin Mitnick is
| now a legend and rich legitimately.
| sortebill wrote:
| Sometimes one negates the other.
| runnerup wrote:
| My company uses his software for phishing practice. A week
| after joining new company, his software claimed that I
| clicked on a phishing link. I saw the phishing email,
| instantly knew it was a fake phish, never even opened the
| email, let alone clicked on any link. Still had to do the
| "you got phished" extra training, as neither my manager nor
| IT would believe that there was a bug.
|
| Mitnick really was quite the grifter before he turned his
| life around.
| blkhawk wrote:
| Possibly your email client clicked that for you. This is
| actually a legitimate concern because some exploits work
| that way. Doesn't change that it's a bug you got fingered
| for that tho.
| zibzab wrote:
| Outlook and others may access embedded links on their own
| servers for security reasons.
| GekkePrutser wrote:
| Yeah KnowBe4. My work bothers us with it too. Their emails
| are really easy to detect and have a huge header to
| describe what they are too :P
| magixx wrote:
| Yeah, my company also uses this and I just have a filter
| setup to catch those emails and delete them. It's silly.
| blowski wrote:
| Their videos are brilliant though. Can't wait for the
| next episode of Inside Man.
| the_af wrote:
| The Inside Man is entertaining, but as the "show"
| progresses, it becomes progressively more a standard
| sitcom and less about security training. Past the first
| season, there are entire episodes which are mostly like a
| Netflix show, with a last minute message of "oh, and
| remember: never leave your laptop unlocked" tacked on.
|
| Entertaining? Yes. Useful as a training? Ehhh...
| shafyy wrote:
| They are actually made by a company they bought, Twist
| and Shout (https://www.twistandshout.co.uk) :-)
| ryantgtg wrote:
| Exact same thing happened to me. I couldn't even get a
| response from anyone in IT. That's what happens when IT is
| a handful of people for a 50k person company with a third
| party offshore help desk.
| saagarjha wrote:
| My mom had to sit through a training of his. In it he shows
| how he "hacks" a Mac after you click a link, or something
| like that, which made my mom somewhat upset and frightened.
| Of course, he's gracious enough to show you how he does it in
| the video...except he doesn't actually show the part where he
| gets control of your computer :/
| crotho wrote:
| Hokusai wrote:
| That's the "ninjas joke": Japanese ninjas are the worst. All
| countries have ninjas but only the Japanese have been
| discovered.
| hutzlibu wrote:
| Ah the same reason, why there is no proof of real wizards.
| The ones tested and failed with science, were all frauds,
| while the real wizards already have all the power and no
| need to expose themselves.
| thelittleone wrote:
| Obligatory callout to the classic: Ninjas are sweet [1]
|
| 1. http://realultimatepower.net/
| hallway_monitor wrote:
| This is The definitive site for mind blowing ninja facts.
| matheusmoreira wrote:
| It's so awesome that this site is still online.
| tempodox wrote:
| > ... almost done with puberty, which is bragable.
|
| LOL
| bcrosby95 wrote:
| Warhammer 40k has a similar joke. Orks think purple is the
| sneakiest color. Why? Well, have you ever seen a purple Ork?
| Didn't think so.
| malux85 wrote:
| Here's a phrase that will open doors for you:
|
| "Nobody knows what a smart fish tastes like"
| amelius wrote:
| Ever heard about fish farms?
| kuhewa wrote:
| Fish in fish farms are pretty dumb.
| moffkalast wrote:
| Sea cows
| renewiltord wrote:
| To actually open the door, you have to say "Alexa, nobody
| knows what a smart fish tastes like", though.
| [deleted]
| Ygg2 wrote:
| Sure we do.
|
| We invented ways to catch ALL SEALIFE. Not just smart fish.
| randomsilence wrote:
| So you may have eaten smart fish, and you still don't know
| what a smart fish tastes like.
| hutzlibu wrote:
| How do you know?
|
| That fish is so smart, it was never even spotted.
| Ygg2 wrote:
| So smart it aborted itself from this timeline.
| moffkalast wrote:
| You mean dumb fish.
|
| And a really smart fish would hang out somewhere in the
| hadal zone, we don't even know half the species that exist
| there.
| Ygg2 wrote:
| No. I mean what I said.
|
| Unless by smart fish you mean either unhatched fish -OR-
| fish too small to be caught.
|
| Fish have ranges. And hiding in the hadal zone is the
| fish equivalent "I'll hide in the hell desert". Not a
| smart plan.
| therealcamino wrote:
| It's not meant to be taken literally.
| astrange wrote:
| Seems like people do know what whale tastes like, but I've
| never heard about dolphin.
| Ygg2 wrote:
| Both of those are mammals.
| orbifold wrote:
| There is at least one example of dolphin in Japan:
| https://en.wikipedia.org/wiki/Taiji_dolphin_drive_hunt.
| oaiey wrote:
| So that is then evidence that there are stupid dolphins
| :)
| solarengineer wrote:
| https://www.dolphinproject.com/campaigns/save-japan-
| dolphins...
|
| The Taiji Dolphin hunt is cruel - close to or at par with
| the Faroese cruelty.
|
| Dolphins trust humans. The Taiji fishermen hunt and
| capture them for money.
| kuhewa wrote:
| Ask a Faroese
| tester34 wrote:
| top hackers when it comes to crimes?
|
| then probably yea, but when it comes to skills?
|
| I'd say that they're not really that unknown -
| https://ctftime.org/
| alasdair_ wrote:
| CTF is to hacking what fencing is to actual swashbuckling.
| saagarjha wrote:
| Not everyone does CTFs.
| bugmen0t wrote:
| I strongly believe that you don't have to use your power for
| evil.
|
| It may be true for the early hackers, but there are many famous
| hackers that have not been in prison. Just think of the people
| like Dan Kaminsky.
| justanother wrote:
| I'd go as far as to say that by 1990 post-Operation Sundevil
| etc, this was considered common wisdom, and such people with
| great skill who never got arrested were the rule, not the
| exception. People pulled off fantastic things, but refused to
| do silly stuff like join groups or write about their exploits
| in G-philez, or even use the same alias on two forums (let
| alone doing anything from their house). You might have met up
| with them on an Alliance Teleconference or QSD once in awhile,
| but never at the 2600 meetup at the mall. These people tended
| to make it well into adulthood and lead rewarding lives, all
| without ever becoming a pushpin with pieces of yarn tied to it
| on some Secret Service agent's cubicle wall. Of course, it
| doesn't make you as famous as an Esquire article does. But
| also, handcuffs hurt.
|
| This is still true today, and of more hunted groups than just
| hackers.
| ethbr0 wrote:
| > _more hunted groups than just hackers_
|
| It's underappreciated just how tolerant society was, with
| respect to 80s and 90s hacking culture.
|
| We had the war on drugs, but pre-9/11, secrecy and hacking
| were... novelties. As in, people couldn't conceptualize the
| worst results of bad people using bad methods.
|
| You can see this in the legal filings of early computer
| prosecutions. Much of it is spent trying to explain to a jury
| just why phone phreaking or computer hacking is bad. E.g.
| "Could launch nukes from a payphone!" Or _Tron_, _WarGames_,
| etc.
|
| Now, network intrusion brings to mind ransomware, and a hop,
| skip, and jump away from helping ISIS, in terms of jury
| sentiment.
|
| On the other hand, there's an entire white and grey hat
| culture that wasn't really as defined in that period, so it's
| fair to say there are also more legitimate paths for someone
| deeply interested in systems.
| rob74 wrote:
| Cool article! And, as the eternal nitpicker, I only found one
| inaccuracy:
|
| > _Back then, everyone had a landline, but people in the public
| eye kept their phone numbers out of the Yellow Pages._
|
| The Yellow Pages were for company/business numbers, the phonebook
| (or part of the phonebook) with the personal phone numbers was
| plain white. Makes me feel old (and wonder how young the author
| is). Or is "keeping your number out of the Yellow Pages" a
| commonly-used expression I'm not familiar with?
| Mountain_Skies wrote:
| Depending on where you lived, the white and yellow pages might
| be separate books or combined together. In big cities, they
| also made good impromptu booster chairs. I still receive a
| combined yellow and white pages each year but it's about the
| size of an old Reader's Digest now.
| Terry_Roll wrote:
| In the UK it was called "ex-directory" I guess short for
| excluded from Directory. In the 90's British Telecom, the
| de facto telecoms provider in the UK, introduced a dialup
| service called Phone Base. Can't find anything about it online
| except this reference
| (https://www.lawinsider.com/dictionary/bt-phone-base), but it
| was possible to dial up, put in wildcard generic strings,
| select a dialling code and download massive tables of names,
| addresses & phone numbers.
|
| Natwest around the same time also had a dialup system, where
| you could do banking transactions over a dialup modem. It
| worked on the pretense you knew the account numbers you wanted
| to shift money to, its main security was the bank transfers
| were done offline, then their app, a frontend for a DUN
| terminal, uploaded the batch of bank transfers and then logged
| off within 30 seconds or something like that. Now it was
| possible to access the Natwest system without using their
| frontend app on Win95, and just dial in and make the transfers
| yourself, your only constraint was the time limit and having a
| password to access the system in the first place. Security
| wasn't their strong point from what I could tell.
| shp0ngle wrote:
| I guess I'm too young, but I always feel a little weirded out
| that yellow pages just had everyone's name and number, publicly
| available to everyone.
|
| That's... not very private?
|
| When Terminator wanted to find Sarah Connor, he just went to
| the phonebook and found her. (Well, all the other Sarah
| Connors, anyway.) Nowadays, he would need to get into Facebook
| HQ first!
| yodon wrote:
| I suspect you're being downvoted because you call it the
| yellow pages but the yellow pages were where businesses were
| listed by category (eg Dry Cleaners or Orthodontists).
| Individuals and businesses were listed alphabetically by name
| in the white pages, so the terminator looked Sarah Connors up
| in the white pages not the yellow pages.
| ska wrote:
| > but I always feel a little weirded out that yellow pages
| just had everyone name and number, p
|
| That was the white pages, not the yellow pages (which were
| paid advertisements).
|
| White pages had name and number for every customer, typically
| you were in there unless you opted to have an unlisted phone
| (and paid an extra fee for that, most likely).
|
| The thing to think about is this is pre-internet technology
| for finding how to contact someone. There were reverse
| listing books too but not generally available (given a
| number, who owned it).
|
| These pages go back to pure analog telephone systems (no
| caller ID, no call-back, no voicemail, nothing). Oh, and in
| some places it was common to share a number between multiple
| houses (party line).
| ptr wrote:
| Same in Sweden, the Yellow Pages were the business part of the
| phone book. I wonder how this international alignment happened
| or if it's just the natural way of coloring phone books.
| mcv wrote:
| In Netherland they were separate books. The phone book came
| from the phone company and just listed all non-secret phone
| numbers. The "Gouden Gids" (it did have yellow pages) was
| from a separate organisation and listed all businesses in the
| area.
| cycomanic wrote:
| The interesting bit is that this even translated to other
| languages. In Germany the "Gelbe Seiten" (literally yellow
| pages) was the commercial listings and the "Telefonbuch"
| (telephone book) was for normal numbers.
| ringworld wrote:
| I wonder if this is related, specifically the origin and use
| of the term in the 1890s - it somewhat connects as to why
| yellow paper was used for advertising, perhaps?
| https://en.wikipedia.org/wiki/Yellow_journalism
| mcorning wrote:
| You are correct on both counts "Yellow Pages" was a registered
| trademark used in many countries for business phone numbers.
| Phone books also had literal yellow pages with business phone
| numbers and advertisements in them. It was also a colloquial
| term, at least where I am from (Midwest, USA) used to refer to
| the entire phone book.
|
| It's funny how these weird pieces of knowledge stick even with
| almost zero exposure. Every time I got a phone book or yellow
| pages dropped on my doorstep in some flimsy transparent bag,
| I'd throw it directly into the recycle.
| [deleted]
| Natfan wrote:
| Random fact about the Yellow Pages:
|
| Sun Microsystems developed a directory service now called
| "Network Information Services" (or NIS), however it was
| originally called "Yellow Pages".
|
| They obviously didn't realise that the "Yellow Pages" were
| already a thing, so they renamed. All of their commands still
| begin with yp (ypbind, ypcat and others from what memory
| serves)
|
| Just thought it was interesting. Also source[0].
|
| [0]: https://en.wikipedia.org/wiki/Network_Information_Service
| glandium wrote:
| > They obviously didn't realise that the "Yellow Pages" were
| already a thing
|
| I always thought it was called that way on purpose.
| maupin wrote:
| Back then everyone knew about the white pages and yellow
| pages. You used them all the time. It would be basically
| impossible not to know about them.
| [deleted]
| ska wrote:
| > They obviously didn't realise that the "Yellow Pages" were
| already a thing
|
| This is almost certainly not true. More likely legal decided
| they could get into IP trouble, or marketing decided they
| didn't want the association.
| bagels wrote:
| Yellow pages were ubiquitous, unlikely they were unknown to
| those at Sun.
| cafard wrote:
| Yes. If you grew up before the web took off, you knew all
| about the Yellow Pages. Every year, a White Pages (direct
| listing, split between residential and commercial) and a
| Yellow Pages (business ads by category) landed on your
| doorstep. In the larger cities, these could be quite hefty.
| SideburnsOfDoom wrote:
| > They obviously didn't realise that the "Yellow Pages" were
| already a thing,
|
| If true, then why pick the name "Yellow Pages" at all?
|
| Of course they knew what it was named after.
| taurusnoises wrote:
| Yeah, this caught my eye as well. Anyone who grew up getting
| these enormous tomes on their doorstep knows that the white
| pages were for looking up girls you liked, and the yellow pages
| were for pizza.
| na85 wrote:
| In Canada at least, when I was a kid The Yellow Pages was the
| colloquial name for the entire book; yellow, green, white and
| all.
| goodcanadian wrote:
| Also Canada, "yellow pages" referred specifically to the
| business directory and not the rest of the phone book. "White
| pages" was the residential. And, wait for it, "phone book"
| was used generically or to refer to the whole thing. YMMV.
| gwern wrote:
| Yeah, in my family no one ever made a distinction. You'd look
| someone up in the yellow pages, they were all in the same
| stack, and only a prig would correct you, "you mean, look him
| up in the _White_ Pages".
| rkagerer wrote:
| In the 90's in Toronto I always knew it as the White Pages.
| sammalloy wrote:
| It's an interesting discussion. I'm fairly certain that the
| yellow pages only referred to commercial listings in the
| US, but I don't recall anyone saying "check the white
| pages" for a residential number in the states, so maybe it
| was a colloquial misnomer.
| StanislavPetrov wrote:
| You are correct. Here in the US we had the White Pages for
| individuals. The Yellow Pages were for businesses only. Both
| were massive tomes and roughly the same size.
|
| https://www.peoplefinders.com/assets/img/header/headterms/pr...
| chronogram wrote:
| If I recall correctly, the yellow pages was a hip way to refer
| to the entire telephone book, because it had yellow pages in
| it, and most other books did not have any yellow pages.
| RappingBoomer wrote:
| the phone book had 2 parts: the white pages, the front part,
| which was everyone, by default, and the yellow pages (the 2nd
| part), which cost money to put your business name in (with
| more money, you got a large ad with graphics)...you could pay
| $1 to keep your name out of the white pages...
| egberts1 wrote:
| Susan Headley! Wow. She got her 15-minute fame, in form of the
| Internet.
| dataviz1000 wrote:
| It seems the hackers who get caught are the ones who were
| compelled to brag about what they did. Perhaps, the greatest
| quality a hacker can have is humility.
| naasking wrote:
| > It seems the hackers who get caught are the ones who were
| compelled to brag about what they did.
|
| You mean, they were socially engineered into revealing
| themselves? Hoisted by their own petard.
| [deleted]
| Lamad123 wrote:
| What a beautiful page!!!
| csk111165 wrote:
| Where did you make this beautiful and interactive article? Is it
| done via some Web framework or you are just writing it in the
| website.??
| WalterBright wrote:
| Some people (like me) find it very annoying and consequently
| don't read it.
| INTPenis wrote:
| Some people (like me) apparently block too much JS for it to
| become interactive. I just read long paragraphs of text, as
| it should be. There were huge gaps between the text and I
| tried enabling cloudflare to see if there were images there
| but I wasn't that interested to make the gaps appear.
| kamray23 wrote:
| Interactive? Perhaps it's just me, but I can tell you that to me
| the page was a series of sections with a lot of empty space
| between them and it was rather hard to read. There were some
| extracts on some neat ribbon-looking things as if they were
| lifted from newspapers, but 90% of the article was just...
| white.
|
| In a way, if it is supposed to be interactive, this is a great
| success from my point of view. Despite being interactive, it's
| not an article as an application type deal where no content
| will load without 10 XHRs and 15 JS scripts. It's a fully
| working article, whether you look at it on a macbook screen or
| telex paper.
|
| EDIT: Just went and printed it out.
| elinks -dump <url> | lpr.
|
| 12 sheets A4 with a reference list for visible links and all.
| Looks good and reads better.
| qbasic_forever wrote:
| "Scrollytelling" is the nickname for this kind of presentation.
| There are lots of nifty js frameworks for it, check out this
| for an overview: https://pudding.cool/process/how-to-implement-
| scrollytelling...
| ktpsns wrote:
| The nice thing with this particular website at theverge.com
| is that it is _not_ scrollytelling, as it does _not_ mess
| around with scrolling. That is: Nothing is moving while you
| scroll. Images got faded in when scrolled to (looking like
| good old lazy loaded images, but with intention). Maybe we
| could agree to call this layout a very gentle form of
| scrollytelling. As somebody who does not like scrollytelling
| so much, I really like the beautiful layout of this article.
| Brybry wrote:
| For more detail: the 'with intention' part is using an
| IntersectionObserver[1] to toggle image opacity, via CSS
| style, when the image enters the viewport.
|
| So the effect repeats as you scroll through the document,
| even after the images are first lazy loaded.
|
| [1] https://developer.mozilla.org/en-
| US/docs/Web/API/Intersectio...
| kodemager wrote:
| I think your definition of storytelling is too narrow. When
| I took "storytelling" as a university class 20 years ago it
| had nothing to do with having moving parts on a website,
| but the concept is the same for both this article and
| interactive articles. Storytelling is simply a tool that
| enables you to tell and present a long story in a way that
| makes people read all of it. I'd say this article
| succeeds as much as that as an interactive article would.
| Dah00n wrote:
| scrolly, not story ;)
| philliphaydon wrote:
| I couldn't read the whole thing because of. I didn't think it
| was beautiful and interactive. Each to their own.
| iJohnDoe wrote:
| Reader View. After you scroll through the first graphics it's
| easy to read in Reader View, if you have an iPhone. Not sure
| how it works on Android.
| MayeulC wrote:
| Firefox Android has a reader mode. Chrome (default browser)
| got rid of it, probably because of conflicting interests
| with Google's ads and AMP.
| The_Colonel wrote:
| It's broken in Firefox reader view sadly.
|
| The way the images appear/disappear while scrolling makes
| me dizzy.
| philliphaydon wrote:
| It helps but it's still annoying as you scroll there's 2-3
| full height scrolls of just photos. (on iPhone and Firefox
| - Desktop)
| kamray23 wrote:
| Does not need to be. uMatrix blocks the loading of the
| majority of the photos and keeps them white. Even better,
| render the article as text and you get rid of the
| garbage: elinks <url>
|
| Personally I even tested printing it out as plaintext
| elinks -dump <url> | lpr
|
| 12 sheets of A4 with a reference list at the end listing
| all the links on the page and what they point to.
| Beautiful article, good read.
|
| It's great design when a telex machine can read your
| article as well as a modern HD screen. It's odd design
| when the telex becomes better at doing so.
| [deleted]
| labrador wrote:
| Abandoned by her father and abused by her step-dad, I'd say she
| did alright for herself and didn't become too evil. She skirted
| the edge without going over for the most part afaik
| hereforphone wrote:
| Possibly unpopular view: social engineering is not hacking. It is
| conning. People have been doing it since the beginning of time
| and one can do it with very little technical skill. It's an
| insult to those who work hard for deep knowledge and technical
| ability, to call social engineering "hacking".
| kalium-xyz wrote:
| Hacking is a very broad category. I think you're right to say
| this tho, it doesn't agree much with what the public considers
| hacking now
| sen wrote:
| Good social engineering is a lot harder to do than 90% of
| online hacks, which are generally just skiddies downloading
| some PoCs from GitHub and spamming them until they get results.
|
| The Project Zero and APT type stuff that hits the news is the
| exception, not the rule, which is why it hits the news in the
| first place.
| ThinkBeat wrote:
| You are defining an unfair comparison.
|
| [Good] social engineering [Bad] hacking
|
| The vast majority of hacking and social engineering are
| pedestrians.
| to1y wrote:
| I would be tempted to argue script kiddies =/= hackers. But
| that's getting too pedantic I suppose.
|
| To me hacking entails a thorough understanding of the
| environment.
| throwaway675309 wrote:
| False. Social engineering has the same equivalent concept of
| script kiddies, just con artists who are reusing well-known
| types of patter/cons to be able to exploit age old
| evolutionary psychological vulnerabilities in humans that
| unlike computers, we are not able to easily patch.
| endymi0n wrote:
| How is social engineering any different to lying to a JSON API
| and conning it into accepting a SQL query inside the request?
|
| If anything it's people like you worshipping technology itself
| and ignoring their users why social engineers are so effective.
|
| https://xkcd.com/538/
| vishnugupta wrote:
| Not sure how it's an insult. It takes same amount of skill,
| practice, and hard work, if not more, for someone to become
| good at social engineering. Those two are two orthogonal
| skills, and one is not necessarily better/harder than the
| other.
|
| To be honest even I didn't have a high opinion of social
| engineering conmen, until I watched "Catch Me If You Can" and
| read about Frank Abagnale[1].
|
| That said, most of the big hacks do involve social engineering
| angle. It's a cocktail of tech hacking + social engineering +
| good old plain con.
|
| https://en.wikipedia.org/wiki/Frank_Abagnale
| to1y wrote:
| I would say it takes next to no practice or hard work at all.
| That's the problem with putting it under the "hacking"
| umbrella term.
|
| Anyone can send an email with a link, chuck some USBs in a
| parking lot or pretend they're an employee at a company. All
| you need is one curious or lazy employee.
|
| Sure it has its uses but to compare it to hacking is
| ridiculous and tbh the only reason I think it is done is
| because back in the day hacking contests were completely male
| dominated and they had to save face.
| southerntofu wrote:
| > Anyone can send an email with a link, chuck some USBs in
| a parking lot or pretend they're an employee at a company.
| All you need is one curious or lazy employee.
|
| Yet when you receive a phishing email, you can usually find
| clues it's not legit (such as typos). It takes craft to
| make a convincing one. Pretending to work somewhere sounds
| even more hacky: i for one would certainly not be able to
| do that, and i'm sure many fellow hackers (in the broad
| sense of the word) are in the same basket.
|
| Understanding human systems to infiltrate an organization
| is pretty much like reverse-engineering. As someone who's
| not practicing either, i would say social engineering looks
| even more complicated for one reason: when you're reverse-
| engineering a program/API, you usually take some steps to
| protect yourself. Either you run the program on an isolated
| network, or you borrow someone else's network (VPN/Tor/etc)
| to attack an API.
|
| When you're attacking a corporation via social engineering,
| you're on the front line smiling to the people at the front
| desk asking why your work badge isn't working anymore or
| pretending to be the toilet repair crew. Every probing step
| you take can unmask you, and the consequences of that can
| be much more quick/severe than if you leaked a random IP
| address trying some weird request.
| cycomanic wrote:
| But dropping USB sticks or sending phishing emails (which
| could just as well be called technical hacking btw) is not
| what social engineering is about.
|
| That's like saying running a brute password cracker or port
| scanner requires no skill or hard work at all, so lumping
| software work under hacking is really an insult to all the
| "real hackers" (whatever real means).
|
| Social engineering often requires you to get someone else
| to do something that they should not, don't want to and
| often are trained not to do. Very often in direct
| interactions, not only is it hard (depending on target you
| might also need a lot of background knowledge, needing
| significant prework), but it typically involves much higher
| direct risk (which makes it even harder).
| yesenadam wrote:
| Abagnale gave a google talk too. But the last thing I read on
| the subject (I forget what, sorry) suggests it's most likely
| he just made most of his life story up.
| homarp wrote:
| > suggests it's most likely [Frank Abagnale] just made most
| of his life story up.
|
| https://news.ycombinator.com/item?id=27048793 "New book
| contends that Catch Me If You Can is mostly made up"
| cammikebrown wrote:
| The ultimate conman fools everyone into thinking he's a
| conman.
| rob74 wrote:
| ...or fools everyone into thinking he invented his life
| story, when it was actually true.
| aortega wrote:
| >Not sure how it's an insult.
|
| It's an insult for a very good reason: Con men are dangerous.
| In the same way actual hackers see computers as targets, they
| see people as targets, not as human beings. They usually end
| up with some degree of psychopathy.
| FartyMcFarter wrote:
| Is psychopathy something you can develop by lying?
| ThinkBeat wrote:
| Social Engineering is marketing speak to make [swindle, con,
| defraud, dupe, etc] to make it sound fancier and more
| palatable.
|
| This is handy when you are selling your consulting services.
|
| One of our consultants will con .. We have some of the best con
| artists ....
|
| The term itself is a con.
| serverlessmom wrote:
| I would argue that the combination of the two skills is what
| makes a hacker like Thunder particularly scary. As a general
| rule I would say that most folks who are technical in a hacking
| capacity would struggle to learn social engineering and vice
| versa.
| dragonwriter wrote:
| > Possibly unpopular view: social engineering is not hacking.
| It is conning.
|
| "Conning" is just hacking systems consisting of one or more
| people.
|
| > People have been doing it since the beginning of time and one
| can do it with very little technical skill.
|
| People do other kinds of hacking with very little skill and a
| few focussed tricks (often borrowed from others), too. OTOH,
| deep knowledge of social systems allows doing original hacks of
| more complex social systems with greater theoretical safeguards
| (often, they are just as weak _if_ you can identify the right
| point of attack, but that's where the knowledge comes in; just
| as with systems composed of things other than humans.)
|
| > It's an insult to those who work hard for deep knowledge and
| technical ability, to call social engineering "hacking".
|
| No, it's not.
| [deleted]
| madrox wrote:
| This may be a generational thing, but most IT security even a
| mere 20 years ago focused heavily on the human elements.
| Networks were different back then and people were far easier to
| dupe. You usually had to be on site to gain access to anything
| interesting. The social engineering tricks people roll their
| eyes at these days were invented back then for this purpose.
| Hacking is a broad term with deep roots. Let's not gatekeep it
| too hard.
| sundarurfriend wrote:
| I was with you until the last sentence. They're very different
| skills being conflated because the end result is similar from a
| narrow view (and because "we got hacked (via social
| engineering)" sounds better than "we got conned"). But one is
| not inherently less difficult than the other. It's just
| inaccurate and kinda misleading to call one the other, not an
| insult to anyone.
| holoduke wrote:
| You need both to be the best. The technical only hacker will
| sooner or later face walls he can't pass. Same for the social
| engineering hacker.
| PickledHotdog wrote:
| Yes, I mean, if you consider hacking to be purely technology
| based and not about, in part, accessing forbidden systems or
| manipulating components of the system to perform unintended
| functions then you may be right
| user-the-name wrote:
| The hidden assumption here is that only "technical" skill
| counts. It's a skill. It's a difficult skill to master. And it
| is certainly an "insult" to dismiss it like you do here.
| protontorpedo wrote:
| As a counter argument, social engineering is hacking through a
| different interface. You're still exploiting vulnerabilities,
| but in a low-tech, process-based system. But I agree that we
| should use different terms.
| [deleted]
| emmelaich wrote:
| Video of her from Geraldo Rivera .. https://hackcur.io/trashing-
| the-phone-company-with-suzy-thun...
| huhtenberg wrote:
| Refuses to play the video "due to the privacy settings". Direct
| Vimeo link says the same. First time seeing Vimeo breaking like
| this. That's in Firefox.
|
| Edit - the exact message is "Because of _its_ privacy settings,
| this video cannot be played here." I'm guessing it's geo-
| locked.
| andyjohnson0 wrote:
| Plays ok for me. Firefox 96.0.2 on Win10.
| mgbmtl wrote:
| Had the same problem with Firefox, non-US IP address. It
| worked with youtube-dl on the linked URL (not the iframe).
| radicalbyte wrote:
| No it's not - you need to open it on the linked page +
| disable adblock (and referrer spoofing if you use that).
| [deleted]
| ffpip wrote:
| > guessing it's geo-locked.
|
| It is because you turned off sending a referrer in Firefox
| (network.http.referer.XOriginPolicy in about:config).
|
| The video is domain blocked, meaning it can only be played
| when you are on a specific domain. Because you disabled
| referrers, vimeo doesn't know you are on hackcur.io so it
| thinks you are opening it through a direct link.
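The behaviour described in the comment above, as an added example that is not part of the thread and is not Vimeo's or hackcur.io's code: a simplified model of which `Referer` a browser sends for an embedded player, and a server-side allowlist check that treats a missing referrer like a direct link. The player URL, the page paths, the other hostnames and all function names are constructed for illustration; only `hackcur.io` and the `network.http.referer.XOriginPolicy` preference come from the discussion.

```javascript
// Added illustration (hypothetical names throughout).
// Host allowed to embed the video: the embedding site named in the thread.
const ALLOWED_EMBED_HOSTS = ["hackcur.io"];
// Constructed placeholder for the third-party player the page embeds.
const PLAYER_URL = "https://player.example/video/1";

// Simplified model of the Referer a browser attaches to a cross-site iframe
// request. xOriginPolicy mirrors Firefox's network.http.referer.XOriginPolicy:
//   0 = send cross-origin referrers, 2 = send only when the hosts match.
// (Value 1, "base domains match", needs the Public Suffix List and is left out.)
function refererFor(pageUrl, targetUrl, xOriginPolicy = 0) {
  if (xOriginPolicy !== 0 && xOriginPolicy !== 2) {
    throw new RangeError("this model covers policy 0 and 2 only");
  }
  if (!pageUrl) return ""; // typed URL or direct link: nothing to refer from
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  if (page.origin === target.origin) {
    return page.origin + page.pathname + page.search; // same-origin: full URL
  }
  if (xOriginPolicy === 2 && page.hostname !== target.hostname) return "";
  // Default Referrer-Policy (strict-origin-when-cross-origin): origin only,
  // and nothing at all on an https -> http downgrade.
  if (page.protocol === "https:" && target.protocol !== "https:") return "";
  return page.origin + "/";
}

// Exact host or a true subdomain; a plain suffix test would also accept
// look-alike hosts such as "hackcur.io.other.example".
function hostAllowed(host, allowed) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return allowed.some((d) => h === d || h.endsWith("." + d));
}

// Server side: decide whether to serve the embedded player.
function checkEmbedRequest(headers, allowed = ALLOWED_EMBED_HOSTS) {
  // Header names are case-insensitive; the header itself is spelled "Referer".
  const key = Object.keys(headers).find((k) => k.toLowerCase() === "referer");
  const raw = key ? String(headers[key]).trim() : "";
  if (!raw) return { allow: false, reason: "no-referrer" };
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { allow: false, reason: "malformed-referrer" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { allow: false, reason: "malformed-referrer" };
  }
  if (!hostAllowed(url.hostname, allowed)) {
    return { allow: false, reason: "host-not-allowed" };
  }
  return { allow: true, reason: "allowed-host" };
}

// Browser model and server check together, for one embedding page.
function simulateEmbed(pageUrl, xOriginPolicy) {
  const referer = refererFor(pageUrl, PLAYER_URL, xOriginPolicy);
  return checkEmbedRequest(referer ? { Referer: referer } : {});
}

// Constructed scenarios: the three outcomes the thread runs into.
console.log(simulateEmbed("https://hackcur.io/some-page", 0)); // default prefs
console.log(simulateEmbed("https://hackcur.io/some-page", 2)); // referrer withheld
console.log(simulateEmbed(null, 0));                           // direct link
```

Because the `Referer` header is supplied by the client, a check like this limits casual hotlinking and is not an access control; privacy settings that withhold the header produce the same refusal as an unapproved site.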
| huhtenberg wrote:
| Yep, that did the trick. Thanks.
| debo_ wrote:
| Susy Thunder wouldn't let that stop her.
| kome wrote:
| it works for me, also firefox.
| snthd wrote:
| You can see the Snoopy phone mentioned in the article.
| aortega wrote:
| Wow she was beautiful, no wonder she was good at social
| engineering.
| astrange wrote:
| That's what everyone looks like in California. Don't think it
| does much good over the phone though.
| iqanq wrote:
| mcv wrote:
| I don't think looks are even remotely the most important
| attribute to social engineering, but I bet there are
| situations where it can help.
| floatingatoll wrote:
| Looks are critical to account for in engineering a physical
| con. Not that one necessarily needs to be gorgeous, but one
| needs to be fit to the scene, in a way that minimizes the
| chances of someone undesirably thinking twice about your
| actions.
| CamperBob2 wrote:
| _Looks are critical to account for in engineering a
| physical con... in a way that minimizes the chances of
| someone undesirably thinking twice about your actions._
|
| I don't know. Charisma and looks are pretty much
| orthogonal, at least for some people. The canonical
| example is Hitler, somebody whom you'd think people would
| instinctively avoid at work or the neighborhood bar, yet
| who somehow ended up running Germany.
|
| It never hurts to be hot or handsome -- would a young
| Donald Trump who looked and sounded like Hitler have
| gotten very far in life? -- but it clearly isn't an
| absolute requirement.
| floatingatoll wrote:
| > It never hurts to be [gorgeous]
|
| I disagree. For example, if you're made up gorgeous and
| this leads a security checkpoint guard to notice you, and
| then they're checking you out and realize that your shoes
| are unusually fashionable, and then they notice that your
| badge lanyard is the wrong color and your badge looks a
| bit crinkly, now your cover is blown -- all because you
| drew their eye.
|
| That's not to say that there is _no_ value in
| attractiveness -- it's just not a guaranteed upside that
| can be taken for granted as harmless. This also shows up
| in spycraft, where "unmemorable" can be a very strong
| asset.
| aortega wrote:
| Exactly, you need to be credible and non-threatening.
| There is a history of a Japanese pentester that was
| always allowed to get into the datacenter because
| everybody trusts a Japanese engineer.
| ethbr0 wrote:
| Holy shit, Geraldo's hair and mustache are beautiful too.
| 80s, you had your moments.
| aortega wrote:
| To be honest, you are right. I believe the word is
| 'fabulous'.
| geocrasher wrote:
| I was thinking 'glorious', like a latino Barry Gibb.
| thesaintlives wrote:
___________________________________________________________________
(page generated 2022-01-27 23:02 UTC)