SE

Search for:


Archive for February, 2010

Forget Big Brother…. We Have High Schools continued

Friday, February 26th, 2010

There has been a whirlwind in the news about the spy cameras on students issue at the high school in Philly.  Now to uncover other schools admitting to the same thing.

A few notable articles that popped up:

First there was an article about details on how it was done, what software was used and even proof that they knew a lot more than they admitting to know.  You can see that article on the Stryde Hax Blog.  It is long but worth the read.

Don’t stop there folks, another school in the Bronx NY, USA the admin was bragging how he “monitors” the children and even demonstrated it on PBS television.

I guess from a security standpoint sure I would love to be able to flip a switch and watch what my target is doing. It would make my job easier as a social engineer.  Yet when I read these stories I wonder how difficult it must be to be a kid in this day and age.  The pressure by society, peers, schools, etc but then to top it off people can just spy on you and you have no rights?

Then we see that it is not just us sec guys that have a problem with this.  I guess the FBI has opened an investigation into the event.  I just may have to pick up one of those t-shirts

Till next time

Posted in General Social Engineer Blog | 1 Comment »

Forget Big Brother…. We Have High Schools

Thursday, February 18th, 2010

Now I am not sure about you, but this is one of those stories that at first made me laugh…. then when I thought about it the smiles went away.

Hey I got kids and if this happened I just might have to put on the boxing gloves.

Basically the gist of the story is that a school in Philadelphia USA issues laptops to their students.  One day Little Blake Robbins goes to school and is slapped with a “improper behavior in his home” disciplinary action.

Of course the first question is, WTH?  After some questioning what is found is that these laptops have web-cams on them and those web-cams where set so the admins can turn them on remotely at will.

Allegations are being launched against the school that they used these cameras to spy on students and their families, a massive breach in privacy.

If you are like me, we do a lot of things with the laptop in the room.  From personal conversations, arguments, dinner, getting dressed, heck I have even heard some stories about people taking the laptop into the bathroom with them (JUST HEARD STORIES PEOPLE).

So how far is too far?  I can understand the schools having monitoring software on the computers, I can understand filtering sites, heck I can even grasp having very strict rules on usage (although I might help my kids get around some of those silly blocks) but this, this is just too far.

I can only imagine those pervs sitting in their admin office and spying on the 16 year old teenage girls while sitting in their bedrooms at night.  This story just screamed out to me. As a social engineer I would love to be able to do this to my clients and get all their passwords and just walk in and say, “All your base are belong to us“, that is where the smile came from.

Yet on children?  our children?

Another question is who is responsible for our children’s behavior?  Is it the schools?  When they leave the school grounds, do the teachers still have a say in what is said or done?  Do we want to take the parents out of the equation?

From a social engineering point of view, how much information is too much information?  From a SE angle there is no such thing as TOO much information.  As a person, if you want to protect from this you need to seriously consider what it is that you release to the public.  Pictures of our family, kids, names, addresses and such personal information can lead to a serious hack on you and your family.  Take that to the next step, use this information from a business perspective now and what you have is a path to own your business too.  This is a scary story as it makes us reflect on the way information is released and the amount of it we allow out into the world.

This opens up a whole another topic.  Keep tuned because we will be posting some serious stories in the near future.

For a full story online check out:  http://www.boingboing.net/2010/02/17/school-used-student.html or

http://newsolio.com/students-spied-on-via-laptop-computers-by-lower-merion-school-district-in-philadelphia-claim,5537

Posted in General Social Engineer Blog, Interesting SE Articles | 1 Comment »

Shmoo Con and Social-Engineer.org

Tuesday, February 9th, 2010

“Just got back from Shmoocon and it was a great experience. We would like to thank everyone for all the kind words that were said to us about social-engineer.org in general and the newsletter, podcast and framework specifically. It was very humbling to see how much everyone appreciates what we have put together. Thanks everyone.

While we were there, Shawn Moyer and Tom Eston were kind enough to drop by the podcast where we spoke to them about putting information that has been gathered on targets to use. It was a great podcast and we really appreciate Shawn and Tom’s expertise on the topic. Be sure to check it out, we think you will find it is one of our best.

Also wanted to make sure everyone was aware the newest newsletter has been posted online, so if you did not see it yet be sure to take a look. And consider signing up if you have not already done so.

Thanks again and we look forward to seeing you all soon at Defcon.

Posted in General Social Engineer Blog | 1 Comment »




SE Polls

SE CTF

Brad Smith