Saturday, October 09, 2010

Can you see my password?

Yeah, that's me and my Superman mug.
I've postponed this blog post for quite some time, but I can't turn away from my own promises. I got pwnd. Or well, almost pwnd. In accordance with the rules and terms of our "competition", I hereby admit that I got (almost) pwnd by Thomas Tjøstheim, with assistance from Thomas Schancke Methlie, Hallvar Helleseth and Jan Fredrik Leversund.
See; I believe deeply in practical security awareness work. Doing presentations over and over and over again, warning people about one risk more dangerous than the other... Well, in the long run I think most people will just stop listening. Sadly enough, we all need reminders every now and then.

To keep some of my friends on alert, we've got a very informal competition. It's just "hack me". Simple rules really:
1. Hack me (low-tech, no 0-days or "high-tech" stuff)
2. Do not destroy anything.
3. Do not manipulate any information etc
4. Prove your attack by explaining it (all details)
5. Do not repeat any trick previously used against me or anybody else in the competition.
6. If you can hack me you get to brag about it in public (that's the reward)
7. I'll admit it. In public.
8. If you join the competition, you are automatically a target yourself

Kind of keeps us on edge, so to speak. Quite fun! :-)

Anyway; have you seen the excellent "hacker" movie Sneakers, starring Robert Redford and others?

Cool movie, my second favorite hacker movie after Wargames. In sneakers there's a scene where the good guys are trying to figure out the password of scientist, watching him enter it at his keyboard at a distance. Cool scene, but they can't really get the password.

Thomas succeeded in putting up a webcam on my side without me noticing when I sat down, and filmed me when I entered my password. They tried, and they failed (or didn't try hard enough....). Take a look at the video below. Can you figure out my password?


 If you can't, then any creative suggestions on how it could be done using the existing footage will give you a bonus point anyway. Suggestions on how the camera (video & sound) should be placed and configured for success will also be rewarded with bonus points.

Just to give you a realistic opportunity to test your own skills compared to what you see in the movies and on television. :-)
Posted by

4 comments:

  1. AnonymousOctober 11, 2010 at 4:15 PM

    Synd den er i Flash, legg den gjerne på vimeo.com, de støtter HTML5 :)

    ReplyDelete
  2. securitynirvanaOctober 11, 2010 at 5:08 PM

    Heh. Maybe next time.

    ReplyDelete
  3. Matt WeirOctober 15, 2010 at 5:14 PM

    Just curious but what keyboard layout do you use?

    Not that I would ever try to guess your password or anything ;)

    ReplyDelete
  4. securitynirvanaOctober 15, 2010 at 6:02 PM

    Matt.... seriously... Time to do some educated guesses here... I'm Norwegian. I live in Norway. I speak and write Norwegian as my native language.

    No, I won't tell you which layout I'm using, I think you should do a "wild guess" here. ;-)

    ReplyDelete

All comments will be moderated, primarily for spam. You are welcome to disagree with my posts of course.

Subscribe to: Post Comments (Atom)