Speaking of network hacks...
Quite a number of years ago a hacker attempted to steal the password to our FTP server. I guess he/she thought it was a huge thing to store their files, but if they got in they'd be quite disappointed as it was only 2GB and kept at that size anyway for that reason. The machine was also separate, and FTP ran in a virtual Cygwin session and not as part of the operating system. Anyway, getting back to the password and username. First, we never used a default administrator login. The login, on the now defunct machine and at the long gone company, was FTPAdmin, and the password was quite simple, but effective. I added in the most useful character in passwords, the ~ (tilde). Add that somewhere in between and it will throw off the brute-force attacks. I'm sure any non-alpha character would work, but that's an easy one to reach for when making up a password!
This hacker attempted to log in using admin with 1234, administrator with password1234, and so it went for about 30 MB of logs. I let him run long enough and then I forwarded this information to his ISP. He was located in the UK and the authorities were more than interested in his activities.
@Falcus regarding the cookies and network stuff. Sure, that's grabbed from the web, but for internal users and internal attacks, that's usually how it goes. A bit of social engineering is all that's needed to gain access to a computer room. Someone could come in with an "official-looking" badge and uniform, or have some kind of fake ID and company name, and the naïve user will let the person into their facility. This is usually the case even with security guards in place. They can be dumb enough most of the time to be boondoggled around the usual standard protocol. With Marshalls and TJX, this was an inside job with people putting the infrastructure in place to be hacked from the outside. This is very much what I'm talking about, and it does happen more often than we're led to believe. This, like the Target issue, was an inside job with some employee setting up the hacking mechanism for his cohorts.
With the more recent POS terminal attacks in the news, I blame both the VAR (the value added reseller) that has set up the system as well as the end-users and management. The VAR most likely has set up a quick password to get the systems up and running. It's probably the same password on all the systems they sell. This is all very well and good, and it's where they fail. They should change the password immediately for the customer and set up the system to force password changes on a frequent basis. It's also an end-user issue again, where they probably share their usernames and passwords with their coworkers, and probably don't bother to lock the systems when they walk away. I blame the management for trying to make things easy and for not enforcing the security implications behind enforcing strict and frequently changing passwords. This issue can be truly a problem in a public place, as the hacker can then go in and install malware very quickly using any vector they have available, including a USB drive, which unfortunately is usually mounted immediately when inserted. With this, the script could be configured to download the data immediately via an autorun applet or batch file.
The passwords we've been discussing above, with letter and number replacement, are all well and good as long as they are changed frequently and kept distinct for various uses. Having a different secure password for email that is distinct from the Planet Auran server is smart. Having another different password as part of the local login is better, and having yet another password for the local administrator account is smarter. The more different keys used to enter systems, the more complex and difficult it is for people to hack in, just as it would be to break into a house with multiple locks.
John