{"id":121,"date":"2008-08-19T08:11:45","date_gmt":"2008-08-19T07:11:45","guid":{"rendered":"http:\/\/ogenstad.net\/?p=121"},"modified":"2008-08-19T08:11:45","modified_gmt":"2008-08-19T07:11:45","slug":"social-engineering-on-the-train","status":"publish","type":"post","link":"http:\/\/ogenstad.net\/2008\/08\/19\/social-engineering-on-the-train\/","title":{"rendered":"Social Engineering on the Train"},"content":{"rendered":"

During your childhood I’m sure you experienced a lot of magic; some things were just so fantastic and mind-boggling you just couldn’t figure them out. For me, one of these extraordinary events was the work of train conductors. Before you laugh, hear me out!<\/p>\n

On some of the overground trains in Sweden you don’t need a ticket to get on the train; however, when the train conductor asks for your ticket you should be prepared to show it. So if you’re never asked, you basically don’t need the ticket.<\/p>\n

There was usually just one train conductor for the entire train, and he would walk between the different wagons at each station. Stepping into a wagon, he could walk up to all the passengers who were new since he last entered and ask them for their tickets.<\/p>\n

What used to blow my mind was that, as if by magic, the train conductors would always know who the new passengers were. They wouldn’t bug the existing passengers who had already shown their tickets. When I was a child I thought they must be superhuman, that they either had fantastic memory or were absolutely brilliant at what they did.<\/p>\n

Traveling on the same trains now, I can see it so easily. The train conductors don’t ask me for my ticket anymore, though they ask everyone around me.<\/p>\n

I still have a monthly pass, as it would go against my morals not to have a valid ticket; besides, I also use it to ride the bus and the subways. I just find it interesting to experiment with social engineering in a harmless environment.<\/p>\n

What I noticed was that when the train conductor entered the wagon, all the new passengers would reach for their tickets. Everyone who had already shown his ticket just ignored the train conductor.<\/p>\n

In reality the train conductors aren’t looking for new passengers; they are looking for people who want to show their tickets, or rather, for people who behave in a certain way.<\/p>\n

So if I just ignore them when they come, they ignore me. I’ve also tried looking at them, even making eye contact and smiling. As long as I don’t reach for my ticket, I’m safe.<\/p>\n

Looking at this from a security perspective, they are very poor security guards. Their job is to protect the resource (train ride) from unauthorized use (passengers who don’t pay).<\/p>\n

Of course, taking this one step further, this could be according to plan, in the name of user friendliness, as in: don’t bug and annoy users who have already shown their pass. I would put my money on the former explanation.<\/p>\n

In terms of social engineering this is really the low-hanging fruit. You don’t have to engage in conversation or ask questions. It’s as easy as walking by a manned reception: if you behave like you belong on the inside, many will just assume you do.<\/p>\n","protected":false},"excerpt":{"rendered":"

","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":""},"categories":[5],"tags":[16,15],"_links":{"self":[{"href":"http:\/\/ogenstad.net\/wp-json\/wp\/v2\/posts\/121"}],"collection":[{"href":"http:\/\/ogenstad.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ogenstad.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ogenstad.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/ogenstad.net\/wp-json\/wp\/v2\/comments?post=121"}],"version-history":[{"count":5,"href":"http:\/\/ogenstad.net\/wp-json\/wp\/v2\/posts\/121\/revisions"}],"predecessor-version":[{"id":126,"href":"http:\/\/ogenstad.net\/wp-json\/wp\/v2\/posts\/121\/revisions\/126"}],"wp:attachment":[{"href":"http:\/\/ogenstad.net\/wp-json\/wp\/v2\/media?parent=121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ogenstad.net\/wp-json\/wp\/v2\/categories?post=121"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ogenstad.net\/wp-json\/wp\/v2\/tags?post=121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}