In theory...

by ShneekeyTheLost

Well, in theory at least, it only takes one weak password to gain access to a system. Bonus points if they use factory default on their firewall so you can add yourself as a superuser. And of course, there's many known leaks in most of the commonly used networking setups, so if you know what they use, you have a good set of first options. Big thing is making sure you've got good enough counter-hacking to keep them from tracing back to you. And no, satellite bounces don't work, the government tracks those.

I've never done security analysis on any DMV, so I'm not really prepared to make any sort of definitive statements on the topic of how likely it would be to try and hack them, but while I doubt it would be as easy as an SQL injection, it also probably isn't as hard as some make it out to be. It's a large government body, after all. SOMEONE's bound to have used a weak password, no matter what conditions you hem them in with. Hell, hemming them in with conditions in many ways just makes it easier, because now you have a set of conditions you can plug into your password guesser. Use a botNet to bypass three strikes rule so you can hit it from all over with different attempts. Really, unless they use a two-stage authentication system with a physical requirement, there's bound to be a way in somewhere.

Of course, most likely, there's a buffer of inbound requests that has to be manually cleared so you don't get jokers registering obscenities, and the security on that buffer has got to be far less secure than what is around the VIN database. Wiping the buffer ought to remove the code you don't want released, and whoever else's submissions that were sent since the last time someone cleared out the queue. But hey, government inefficiency and bureaucratic 'file and forget' make absolutely ironclad excuses for that. Which is as easy as getting any ol' user's account up and running and manually rejecting anything in said queue at the time. Including yours. Or just selectively remove yours. Either way.

Yanno, speaking theoretically and hypothetically of course.

Of course, Roger has access to resources most people don't have, so he'd probably have a significantly easier time of it. After all, worst case scenario, he could wormhole the input.

Posted on Dec 28, 2017, 10:12 PM

Respond to this message

Goto Forum Home
Responses

  1. Montgomery County, Alabama probate office hacked by ransomware.... Z-man51, Dec 29, 2017
    1. Commandment XI. Poison Oak Magnet, Dec 29, 2017
      1. and... B.O.B., Dec 29, 2017
      2. Word!. kiawe, Dec 29, 2017
        1. Backups. Chloe, Dec 29, 2017
        2. Backups.... J.Cook, Dec 29, 2017
        3. Backups. Antknot, Dec 29, 2017
    2. Maybe, maybe not.... J.Cook, Dec 29, 2017
    3. Where I work.... Lord *redacted* The *censored*, Dec 29, 2017
    4. well.... cbob, Dec 29, 2017

Quantcast

eXTReMe Tracker