, , , ,

Greetings, Earthlings and Script Kiddies

cobra wheelWelcome to my blog. It has to start somewhere, and this is where it starts. And the trek had to start sometime; it should have started a long time ago, but it didn’t, so here we are.

This blog will be a spot to discuss topics of professional and personal interest to me, mainly focused on the realm of information technology, focusing on software development, security, enterprise computing, and the like.

Let me start with a story software hacking that begins, oddly enough, with an automotive service experience.

Earlier this week, I took my beloved 1993 Mustang GT to the Ford dealer for a routine maintenance, which includes a tire rotation. At about 11:00 am, I got a call from the service advisor: “Mr. Zeichick, I can’t find the key for your wheel locks. Where is it?”

I drove back to the shop, we searched high and we searched low. We couldn’t find the special key, so we skipped that part of the service.

But now I’ve got my mighty steed parked in the driveway, with a missing wheel lock key. What if I get a flat? I need to get those locks off pronto!

Wheel locks are a nuisance. However, I have expensive Ford Cobra rims, the dealer advised that their TTL (time to live) without locks would be less than a week. Ever since, I assumed that the wheel locks would do a decent job protecting the vehicle. How can I get them off without damaging the wheels? Gosh, this is going to be hard.

Time to ask an expert. I went to my local Sears hardware store with a spare lug nut, and asked my favorite salesman if he knew how to jury-rig sockets, wrenches, pry bars and other implements to get the wheel locks off. “Relax,” he laughed, and referred me to the “SK 2-Piece 1/2-Inch Drive Wheel Removal Kit” designed expressly for removing damaged lug nuts and wheel locks.

Five minutes after getting home, the lock nuts were removed, without damaging the wheels or bolts. And three of those five minutes were spent finding the half-inch socket set.

My confidence in Sears went up – while my confidence in wheels locks went down. If I could buy this tool “over the counter” at my local hardware store, then presumably anyone who wanted to lift wheels would already have one. Bottom line: those wheel locks wouldn’t have even slowed a thief down. Ignorance was bliss. My ignorance could have cost me, big-time, especially if those had been really expensive rims, or if the car was routinely parked on the street, instead of in my garage.

When it comes to people who want to break into your system, there are two types: technical experts, who will use their superior knowledge and experience to find and exploit your Web site or application vulnerabilities – and “script kiddies,” who will simply apply pre-existing hack techniques and use tools created by other people. Just like any petty thief could buy the wheel-lock removal kit at Sears, so any script kiddie can download hacking tools for free.

Now I’m hunting for a better grade of wheel lock… and you should be making sure that your own app-security measures won’t fall to the first script kiddie who decides to target your applications and data with an over-the-counter tool.