this post was submitted on 17 May 2026
48 points (98.0% liked)

No Stupid Questions

[–] CountVon@sh.itjust.works 86 points 1 week ago

One of the show's tech consultants addressed that in this interview:

What are some of the challenges faced in presenting hacking and cybersecurity in both a realistic and an entertaining manner?

I think the biggest challenge is time. We are only given seconds to demonstrate a hack that could take hours. While we are accurate about the details of the hack, we must fudge the time element.

[–] panda_abyss@lemmy.ca 39 points 1 week ago (5 children)

Yeah, when the show came out it was very well regarded as being pretty accurate.

Obviously it's a TV show, but most of the hacks were real or based on real hacks and techniques. From what I recall most of the hacks were social engineering (dropping the USB drives trying to get someone to plug them in, using physical access to install a raspberry-pi on the network, etc.).

Realistically, I think that raspberry-pi would be found pretty quickly today. And those USB sticks would probably now trigger a visit from IT (everything you do on your corporate computer is logged. If you plug in a USB stick your admins can/will know about it, I had a friend whose employer threatened to sue them because they downloaded personal documents off their computer using a USB, and the employer threatened to sue them over stealing trade secrets, which sounds dumb, but it was basically blackmail to try and stop him from getting another job).

[–] SillyDude@lemmy.zip 22 points 1 week ago (2 children)

I remember being pleasantly surprised with it being appropriately "entertainment accurate". Normies watching it see all the stuff and think hackerman. But for people who know anything about tech, it was good enough that you weren't sitting there in agony knowing "that's not how that works!".

I think they were just trying to fire your friend without paying UI, which is standard practice in the US. You can be fired at any time without cause, but then the employer is on the hook to pay your unemployment. As long as they can find some "cause", then you're fired and ineligible for unemployment benefits.

[–] ApathyTree@lemmy.dbzer0.com 9 points 1 week ago* (last edited 1 week ago)

As long as they can find some "cause", then you're fired and ineligible for unemployment benefits.

This is a common misconception, and everyone should apply for unemployment if they lose their job for any reason, including if they quit because they felt pressured to leave (constructive dismissal).

They need an actual good cause, like actual damages to the company or something, and they need to be willing and able to back up their claim that you are ineligible, or the unemployment offices will side with you and award it anyway. They generally favor employees over employers in decisions, because they know the bullshit companies do to not pay out.

Lose your job? Apply. You have literally nothing to lose.

[–] panda_abyss@lemmy.ca 1 points 1 week ago

But he was quitting. They sure hassled him though.

[–] Brkdncr@lemmy.world 7 points 1 week ago

I pentest regularly and people plug those usb drives in, devices get ignored.

[–] TheFogan@programming.dev 7 points 1 week ago (1 children)

Trying to remember a bit more of it, but wasn't the USB stick a rubber ducky? I mean it could possibly trigger some alarms, but to note that I don't think it would register as a flash drive. In short you can program them and make them appear to the computer however you want. (I.e., it could appear as a keyboard, and rather than copying a file from storage, and rather than copying a script off of itself, it could say open cmd or powershell and effectively run the commands itself (as if they are being typed really fast, rather than actually a script).) Companies typically don't log keyboards being plugged in.

[–] bamboo@lemmy.blahaj.zone 8 points 1 week ago (1 children)

IIRC, there was a plot where Elliot needed to break his drug dealer out of jail, and they left USB sticks in the parking lot of the police station, but when the cop plugged it in, it was obvious that it was malicious (command prompt pop up) because they didn't have time to make it hidden, so that thread didn't end up working out.

[–] chocrates@piefed.world 4 points 1 week ago

They even mentioned metasploit

[–] WaxRhetorical@lemmy.world 4 points 1 week ago (1 children)

In regards to the Pi, I worked for a bank until recently that absolutely would not have discovered it. I was dealing with IAM, not network security, but the guys who were, were drowning and the structures were not in place to automatically flag this, so I'm pretty sure it'd just live on. I think outside of big, solid corporate and very tech-heavy smaller firms, this kind of approach would rarely be discovered.

[–] erev@lemmy.world 3 points 1 week ago

In most cases I would agree.

In the instance of a heavily secured state-of-the-art datacenter with armed guards it should've gotten flagged immediately.

Then again that's assuming the people in the SOC aren't massively overworked and were paying enough attention of course.

[–] Septimaeus@infosec.pub 2 points 1 week ago

I’ve seen that scenario play out multiple times now.

In every case management’s paranoia was a result of their inability to comprehend employee departure as anything short of personal betrayal and thus, drama ensued. Cringe-o-rama

Practical takeaways (tips for non-IT knowledge workers)

While avoiding toxic management in the first place is great, ultimately the best advice is to protect yourself in every case by learning better habits/hygiene: if possible, use only personal equipment for anything personal; otherwise, learn how to encapsulate personal activity/traffic effectively.

Effective methods include portable or web-based encrypted remote to a home PC, lightweight virtual machine with a killswitched VPN that you run exclusively from an encrypted drive that travels with you, and so forth.

Mistakes include:

  1. Any personal web browsing — trackable in enough ways that it’s best to just assume no countermeasure offers complete privacy.
  2. Storing personal data on disk — outside of security and privacy concerns, this has often been used by companies to claim employee IP as their own.
  3. Personal use of workstation/client software — least problematic, but much of this is trackable at the system and network level.

[–] Eric@lemmy.blahaj.zone 11 points 1 week ago

Very plausible in theory, but also dramatized.

[–] etherphon@piefed.world 10 points 1 week ago

Amazing show, enjoy.

[–] Covenant@sh.itjust.works 4 points 1 week ago

The steps Tyrell took to root a phone were correct. But where he does it in seconds, it took me way longer!

[–] GenosseFlosse@feddit.org 4 points 1 week ago

Yes, but in reality you need way more preparation, figure out what software they use, which weak points it might have and how to take advantage of it.

[–] Formfiller@lemmy.world 3 points 1 week ago* (last edited 1 week ago)

Yep through data center bonfires all things are possible

[–] qwestjest78@lemmy.ca 2 points 1 week ago

Just wait until you get to that season where he is talking to Daryl from the office the whole time. They lost me on that one. Did not make sense.

[–] bryndos@fedia.io 1 points 1 week ago

TLDR; kali linux - 1337 h4x0r

IIRC a lot of them involved hacking the user to get to the system which seems legit.

i'm sure you've seen this by now

But not many modern (work) pc should let you execute code off a usb or cd-rom (!) drive.

Get the user on their personal compy though, then find something to blackmail more info out of them. I think they do that too.

maybe-spoiler

Crucially he was still able to be some sort of admin on some of the main hacks - this is also plausible.

Did they do like a Reichstag fire to get him elevated emergency powers, and appear like a hero to the target?

This was a long time ago for me.