Fail and Ted
I admit I enjoy reading Ted's latest lawnsprinkler / flamethrower crossover piece, for the same reason I enjoy the writing of Hunter S Thompson or P.J. O'Rourke, and pull up a chair when I see Will Self on the panel of a popular news and current affairs panel discussion programme - you don't have to agree with what he says, or indeed any of it, to enjoy the spectacle of insight, humour, wit and insight flaying well-deserved targets. However... this time, I couldn't help noting the fails:
1. "... [If you could steal the password of a typical corporate drone] you most likely had credentials for a Windows NT domain or Active Directory" Hey, Ted, care to explain the difference between an "active directory" and a "Windows domain"? (Hint: they're the same thing.)
2. "What can you do with this [password]? Unless there's remote access set up, you'll need to be on the physical network to access file shares."
Well, I hate to break it to you Ted, but there's a thriving market in what are known as "remote access solutions". These days there are very few corps larger than a few tens of employees who don't have that. There's also Outlook Web Access, and any internal web-apps which have been recklessly exposed to Internet-based logins, rather than restricted to internal and VPN users only. Oh yeah, and wifi.
Oh, and by the way, any idea of the easiest way to snaffle a Windows password? No, silly, the pass-the-hash attacks are OLD. No, today the smart kids use targeted, socially-engineered 0day attack - pretty trivial to do when you know how to use metasploit, when so many execs' egos mean that info about their job titles, interests, lunchtime menu etc are freely available on, uh, El Reg f'r'instance. Guess what? _you're already inside the network at that point_.
I got bored at that point. 10/10 for the flaming contempt for all the losers out here in the big wide world, but really methinks the lady doth protest too much.
And wouldn't you know it.... hitting the link to Dzubia's brave new dotbomb (the latest one, where he jumped shortly before the last crazily-named doom-balloon where he tried to hang out went to the great shitpile in Sand Hill Drive, I couldn't help but spot a link (bottom left of the page) to... egad! It's Twitter!! http://m.twitter.com/miloshopping
Well I'm blowed. But not by Ted.