|Yeah, that's me and my Superman mug.|
See; I believe deeply in practical security awareness work. Doing presentations over and over and over again, warning people about one risk more dangerous than the other... Well, in the long run I think most people will just stop listening. Sadly enough, we all need reminders every now and then.
To keep some of my friends on alert, we've got a very informal competition. It's just "hack me". Simple rules really:
1. Hack me (low-tech, no 0-days or "high-tech" stuff)
2. Do not destroy anything.
3. Do not manipulate any information etc
4. Prove your attack by explaining it (all details)
5. Do not repeat any trick previously used against me or anybody else in the competition.
6. If you can hack me you get to brag about it in public (that's the reward)
7. I'll admit it. In public.
8. If you join the competition, you are automatically a target yourself
Kind of keeps us on edge, so to speak. Quite fun! :-)
Anyway; have you seen the excellent "hacker" movie Sneakers, starring Robert Redford and others?
Cool movie, my second favorite hacker movie after Wargames. In sneakers there's a scene where the good guys are trying to figure out the password of scientist, watching him enter it at his keyboard at a distance. Cool scene, but they can't really get the password.
Thomas succeeded in putting up a webcam on my side without me noticing when I sat down, and filmed me when I entered my password. They tried, and they failed (or didn't try hard enough....). Take a look at the video below. Can you figure out my password?
If you can't, then any creative suggestions on how it could be done using the existing footage will give you a bonus point anyway. Suggestions on how the camera (video & sound) should be placed and configured for success will also be rewarded with bonus points.
Just to give you a realistic opportunity to test your own skills compared to what you see in the movies and on television. :-)