Keith Combs' Blahg

Ramblings from another nerd on the grid

If you see one of these in your conf room, call security!!!

If you see one of these in your conf room, call security!!!

  • Comments 8
  • Likes

ps3 I know this story broke a couple of weeks ago, but I was on vacation.  But I did think this was interesting for a couple of reasons.  First, the game consoles we use are really powerful computers so don't underestimate their capabilities.  Second, what should we be doing to react?

What am I talking about?

I was cruising some of the blogs I link to so I naturally hit Kim Cameron's Identity blog.  An article there caught my eye.  That blog of course links to the BBC story which as far as I can tell is the source.

Here's an excerpt from the BBC story:

"Security researcher Nick Breese used a PS3 to crack supposedly strong eight-character passwords in hours.   Typically, previous attempts to crack such passwords took days to get the same result."

As you can see, it's a pretty scary thing to think about.  Now what do we do about it?  Sixteen character passwords?  Multifactor authentication?

So like I said, if you see someone using a game console in your conference room, they may not be blowing off some steam after a hard days work.  They may be hacking your network.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • PingBack from http://blog.hznet.nl/2007/12/10/network-hacking-by-using-a-ps3

  • Bah, try my nine-teen character.

  • First of all, what kind of security policy does a company have that would, first of all, allow devices like that inside the premises? Secondly, what's it doing being allowed to connect to the network? Don't they have proper policies in place... that they are actively enforcing... to disallow foreign devices from connecting to the network to begin with?

  • For some reason, there are game consoles all over our company.

  • LOL. The entire point is that it's breaking through those restrictions to get into the network. The PS3 itself isn't what's getting on the system- it's only trying to crack the password. Once that is done, the hacker can steal credit card info or other sensitive data from the website.

  • Oh, Keith, I'm writing this from my laptop and, using windows meeting space, taking control of my PC with it. It's really fun and weird. But, what's really cool about it is, I've got access to all the power and speed along with the resources of my desktop, while controlling it wirelessly with an ultra-portable machine. I wouldn't use it for gaming :), but it's fun for when I need the extra power. This is the first time I've tried something like this, and it's really fun. I just got this laptop yesterday! :D

  • I just played Unreal Tournament 2004 with my laptop in control of my PC, controlling movement with my laptop keys and aim with my PCs mouse. The only drawback was that my laptop didn't display the game. The last thing it showed was the splash screen, and then it just acted like it wasn't open. My PC was great through it all though, without any lag between my key presses and my characters movement. Go meeting space!

  • I guess you've never heard of a rainbow table?

    http://en.wikipedia.org/wiki/Rainbow_table

    I say keep the PS3 in the boardroom !