posted on Feb, 3 2009 @ 03:22 PM
Can you be more specific about this? What kind of thing you are talking about? If you mean like that guy from england, then I can explain how that
happens. The case in england is particularly disappointing as I heard it was admin and blank password.
But generally these holes, as was in the case with england happen because of user error. Meaning, people create username and passwords that are easy
Back in the day, I use to get free internet by cracking peoples AOL accounts. And it was all because they had usernames and passwords which were
guessable. You'd be surprised at the number of people who have passwords like "hornyman" or some little easily guessable password.
Of course, the person isn't going to sit there and manually try to guess these. Takes way too long. So what you do is you either go to chat rooms
and get peoples screennames(with a program), or you have a database of popular usernames, admin being a default one of them. You then also have a
database that contains popular passwords.
So a program just sits there and tries to login over and over with different combinations. When it is successful, then the program throws the
combination into another database. And with that, you have cracked peoples accounts. Then you just login with their info yourself, and just like
that you are in.
There are security measures that can be taken, like limiting the number of times an ip address can try to log in before it cuts it off. These things
can be gotten around if the person is persistent enough. This is why you see places making sure you put in "strong" passwords. Because these
types of programs are really just looking for the weakest links, and will maybe get 1 out of say 100 users right, all dependent on the database, and
the bigger the database the more tries it takes per, etc.
You still have to write a program that does it all though.
And there is other stuff too, like sending code to a program by including a line ender, and then you insert some code that does what you want, and
then after that, close it back up so it doesn't cause errors, those are some more serious hacks. As far as I can tell with the guy in england for
example, he was just someone cracking passwords. And that comes down to user errors.
For it be on purpose, would pretty much mean they were purposely choosing weak passwords. Which is possible. But as someone who's been in the
military, I don't find it very odd that they would have weak passwords.
Of course, you would think they would be a bit more on guard about such things. I'm a programmer, but I'm not some security specialist being paid
millions of dollars on contract and I know this stuff.