How to get Hacked – Part 1

How to Get Hacked – Part 1 gives the novice user a structured and instructive road map for getting hacked quickly and efficiently.

  • Don’t update or patch your computer, router, car or baby monitor. Known days are better than 0days
  • $10 routers seem like a reasonable business price for your perimeter protection
  • Clouds are soft and fluffy. Upload voter records. Clouds secure themselves. They have lightning and thunder
  • Run Adobe Flash
  • Client-side hacks are the client’s issue, not your company’s; you run servers
  • Run Java 6 because your old accounting software needs it
  • Put your company passwords in a spreadsheet labeled passwords on your desktop, extra points if you make it public so you don’t have to share it with each person
  • List confidential projects you have worked on in your resume and LinkedIn
  • Run Windows XP embedded on your kiosk that everyone is afraid to touch or upgrade
  • Run QuickTime on Windows
  • Shadow IT is the only true IT
  • Dropbox, Drive, OneDrive with link sharing for secure files is way easier than using an approved method
  • Don’t just bring your own device to work. Bring yours and everyone else’s devices to work. Work’s internet is better so you can torrent Photoshop and Game of Thrones faster
  • Need to know? You and the entire company need to know. Having access to everything is the only clear way to do their jobs
  • Don’t use antivirus or anti-malware/exploit software. If you do, best not to run scans or updates
  • Don’t sanitize inputs, they are clean enough
  • No need to test security, you got this!
  • Got a new baby monitor? Why wouldn’t you put it on the internet?
  • Roll your own crypto – you can do it better
  • Obfuscation = security
  • Salts are for food and hashes are for hippies
  • Sharing user accounts makes it easier as you don’t need to do anything when someone quits
  • CEO emailed you but his ‘reply to’ is ceo563@yahoo.com. You should probably do what he says
  • Sit around and wait for Brian Krebs @ Krebs on Security to give you a call http://krebsonsecurity.com/
  • Yes you want to give social media credentials to any game or website that asks for it
  • Found a thumb drive? You should plug it in to see who it belongs to
  • Someone’s phone is dead? You should let them charge it from your computer or better yet from the server
  • Got a new security camera? Don’t change the password and put it on the internet
  • Got a new fridge? The internet needs more remotely accessible fridges
  • If something isn’t working it must be the firewall. Change to any any any. You will come back and fix it later
  • Can you get your company the best SEO on https://shodan.io?
  • Don’t check https://haveibeenpwned.com/
  • See traffic routing through Iran, Russia and China? It’s probably normal
  • Private keys are meant to be shared
  • SSL certs must work for Internet Explorer 6 and Android Froyo. Poodles are not that scary and downgrading makes the attack less severe
  • Having a CISSP makes you secure
  • Pretty dashboards and attack graphics mean more security
  • Being a part of a botnet is prestigious
  • Just text passwords
  • Headers don’t need security. It’s just the top of a webpage
  • Why look for vulnerabilities? You have widgets to deliver
  • If some “security researcher” wants to tell you about an issue with your security, best to sue them and hush them up with gag orders
  • If there isn’t a logo for a vulnerability there is no need to worry about it. No logo = no threat

Looking for How to Get Hacked – Part 2?