
Shocked from a transformer

Discussion in 'Electronic Projects Design/Ideas/Reviews' started by goofeedad, Aug 8, 2009.

  1. giftiger_wunsch

    giftiger_wunsch New Member

    Joined:
    Jun 15, 2009
    Messages:
    813
    Likes:
    3
    Location:
    Kent, England
    Actually, the adaptive immune system is activated by macrophages and dendritic cells as they destroy the pathogen. The innate immune system starts attacking immediately, as well as activating the more effective specific immune system via T-Lymphocyte activation. Except in an individual with compromised immune system, a pathogen is never left to invade unhindered.

    As for allowing hackers to penetrate security systems, that's not the case either. People caught hacking into a system without permissions are put in prison. They may hire professional hackers to attempt to gain access to their system and report the result to them, but I hardly think that compares to exposing the system to an actual attack.
     
    Last edited: Aug 12, 2009
  2. marcbarker

    marcbarker New Member

    Joined:
    Jul 5, 2009
    Messages:
    727
    Likes:
    7
    Location:
    London, UK
    Sorry to bear bad news but in the real world, that is exactly the case.

    Just like the fictional concept of the Borg in Star Trek NG, who become strengthened in response to attack. Hackers are allowed to penetrate, perhaps into a 'walled garden', under the watchful eye of system administrators, who respond by strengthening as required, and no more, probably also because if it was perfect they would be doing themselves out of a job. The 'hackers' you hear of on the news are people that had been made an example of, while the vast majority are anonymous, just like the majority of people exceeding the speed limit are doing so between speed cameras.
     
    Last edited: Aug 12, 2009
  3. giftiger_wunsch

    giftiger_wunsch New Member

    Joined:
    Jun 15, 2009
    Messages:
    813
    Likes:
    3
    Location:
    Kent, England
    Return to the real world for a moment. No responsible system administrator would intentionally allow an unknown hacker to breach their network. Penetration testing is a useful tool for testing security, and it is used to attempt to prevent real attacks succeeding.

    Monitoring how hackers are attempting to gain access and correcting the potential flaw they are attempting to exploit certainly takes place, but you don't just open the doors for hackers. Case in point, I noticed repeated failed attempts in my server logs from script kiddies attempting to dictionary-attack administrator passwords using a list of common usernames for FTP and SSH. I responded by installing fail2ban, which temporarily bans an IP after a specific number of failed attempts. Ergo I have removed a security issue without having to learn about it the hard way ;)

    [​IMG]


    Anyway this discussion is becoming less and less relevant so let's just agree that our approaches to minimising electric shock risk are different but both may have their merits :p

    PS. Sorry about the picture, it just seemed far too appropriate to pass up on :D
     
    Last edited: Aug 12, 2009
  5. marcbarker

    marcbarker New Member

    Joined:
    Jul 5, 2009
    Messages:
    727
    Likes:
    7
    Location:
    London, UK

    It's very relevant to the point I was making. :)

    As you just indicated, responsible and smart admins are learning the risks all the time, it's an ongoing process, and as you described, you yourself allowed a degree of penetration into your defences first.

    If you had the monetary resources, you can buy and add on every available security product to address every 'threat' and not trust anyone or anything (perhaps only trust the 'reputation' of the security product suppliers), or.... you compromise, like you did. Even if you could afford all the security, would you play all your cards in one go?

    I'm sure you realise that believing your security system is "perfect" and that it no longer requires any improvement, paves a clear path for a painful denial when a major security breach (electric shock) occurs. The old saying... pride comes before a fall.
     
    Last edited: Aug 12, 2009
  6. giftiger_wunsch

    giftiger_wunsch New Member

    Joined:
    Jun 15, 2009
    Messages:
    813
    Likes:
    3
    Location:
    Kent, England
    They didn't manage to penetrate, they never even managed to guess any of the usernames right, let alone passwords :D and I certainly didn't 'allow' them to do so, I took immediate action to prevent their attempts.

    That's more or less exactly my point - I take perhaps more precautions than strictly necessary when dealing with potentially harmful voltage to prevent it occurring. I recognise that the internal insulation could never be perfect so I add redundancy to doubly protect users. (Or with the transformer I was testing, I recognise that although my knowledge of transformers leads me to believe that the core should not have any charge and should not be able to shock me, the fact that a small short-circuit between the primary (mains) winding and the core would happily make me fizzle if I touched it)

    Anyway, as I said, I don't think this debate is going to come to an easy resolution so let it be known that we have differing opinions and the OP can decide for himself what's appropriate for his device :p
     
    Last edited: Aug 12, 2009
  7. marcbarker

    marcbarker New Member

    Joined:
    Jul 5, 2009
    Messages:
    727
    Likes:
    7
    Location:
    London, UK
    How many years did your hackers get for attempting to breach your FTP server security?

    Sorry, but by your own admission you effectively gave your hackers permission to try, because you responded afterwards, and not before!

    Like you say: "a pathogen is never left to invade unhindered", just like police will allow a crime to be committed first before arresting, the pathogen needs to be recognised doing its job.

    What if there was an unknown chemical defect in the material each insulation is made with?

    By the way, the caretaker (tough as old boots he was) in my old school used to test light sockets by touching to feel if they are live. It was a trick he picked up that was popular when an Avometer cost the equivalent of a month's wages. And when cable was being tested a century ago, they used to employ a boy to guide the live cable onto the drum, who would let go if he got a shock!
     
    Last edited: Aug 12, 2009
  8. Torben

    Torben Well-Known Member

    Joined:
    Oct 6, 2006
    Messages:
    2,507
    Likes:
    34
    Location:
    B.C., Canada
    I know I'm wading in when the discussion is pretty much over :) but I'd have to say that IMHO you're both right. Responsible admins don't just let attackers in to watch what they're doing, but it's not that uncommon to set up a honeynet or honeypot to do exactly that--or rather, to *appear* to do exactly that. The honey(net|pot) is intended to make the attacker think they're in, and gives them something to chew on while the admins watch. It lets the admins study the techniques being used and, if there are new techniques being used, hopefully helps with the design of better countermeasures.

    As Giftig notes (am I getting that name right?) this isn't quite the same as just letting the attacker in--although if done right, that's what it looks like from where the attacker is sitting.

    I suspect that's what Marc was getting at and that Giftig also knows this--just thought I'd give the technique its name for anybody else who stumbles across the thread later on.


    Cheers!

    Torben
     
  9. marcbarker

    marcbarker New Member

    Joined:
    Jul 5, 2009
    Messages:
    727
    Likes:
    7
    Location:
    London, UK
    Yes that's part of what I was trying to say. A honey pot trap is a bit like "Thirteenth Floor".

    But contemporary security is like a strategic conflict, the admins don't implement everything (like DEFCON1) all in one go. That would be like McAfee and Norton releasing too much security too quickly which would kill off their market dependency, if they did that, they would have to resort to scaremongering to sell their product instead.
     
    Last edited: Aug 12, 2009
  10. be80be

    be80be Well-Known Member

    Joined:
    Aug 23, 2008
    Messages:
    4,794
    Likes:
    134
    Location:
    morristown,tn
    Go figure, McAfee and Norton would not be if not for hackers. Who would you want to keep working??????? LOL
     
  11. marcbarker

    marcbarker New Member

    Joined:
    Jul 5, 2009
    Messages:
    727
    Likes:
    7
    Location:
    London, UK
    The way that NAV and McAfee slooooooooooooooowwwwww down workstations with memory leaks and bandwidth hogging updates, it's as though it's doing the work of the viruses for them!
     
  12. giftiger_wunsch

    giftiger_wunsch New Member

    Joined:
    Jun 15, 2009
    Messages:
    813
    Likes:
    3
    Location:
    Kent, England
    Do try not to be so literal :rolleyes: I did, however, contact the server administrators for the origins of the attacks (which were mainly cheap web hosts) and in a couple of cases I was informed the user responsible had been banned from using their service. So that was a bit of a win :D

    And I fail to see how you can call it 'giving hackers permission to try'. That's like saying that building a wall out of wood instead of stone is giving vandals permission to burn it down.
     
    Last edited: Aug 12, 2009
  13. marcbarker

    marcbarker New Member

    Joined:
    Jul 5, 2009
    Messages:
    727
    Likes:
    7
    Location:
    London, UK
    Each and every time The Three Little Pigs tell their story, they give the Wolf permission to blow both their straw and their wooden house down. This validates the Wolf as a threat.

    One of the fundamental things about Design, is that a good design is the one that does the job and no more. Any more is a waste of resource.

    One day the little pigs story may evolve into wood/bricks/TitaniumAlloy
     
    Last edited: Aug 12, 2009
  14. giftiger_wunsch

    giftiger_wunsch New Member

    Joined:
    Jun 15, 2009
    Messages:
    813
    Likes:
    3
    Location:
    Kent, England
    Good thing I'm not a pig; not anticipating an attack doesn't mean you're giving it the go-ahead. Besides which, thanks to the use of non-standard usernames and strong passwords, the attacks would never have achieved anything anyway; I just wanted to a) make sure of that and b) stop my logwatch notifications being >1MB in size :rolleyes:

    To continue the metaphor, they tried to burn down my 3ft-thick steel wall with a box of matches and I sucked out all the oxygen from around the wall. ;)
     
  15. marcbarker

    marcbarker New Member

    Joined:
    Jul 5, 2009
    Messages:
    727
    Likes:
    7
    Location:
    London, UK
    If despite all the security you had in place, an attacker had still got through somewhere else that you'd missed, what would it take for you to believe it?
     
  16. giftiger_wunsch

    giftiger_wunsch New Member

    Joined:
    Jun 15, 2009
    Messages:
    813
    Likes:
    3
    Location:
    Kent, England
    I would find evidence that it had occurred, find out how it occurred, and think up an ingenious way of patching the hack :D

    It's not an issue of whether it would be possible for someone to penetrate my server, I'm saying not being prepared for every possible eventuality isn't 'inviting' an attack. If my server was hacked, I would certainly learn from it but that doesn't mean I would intentionally expose my system to attack in order to produce counter measures, that couldn't provide any insight if they were deliberately allowed to 'hack' the system.

    Applying this back to the actual matter at hand, why fail to implement safety protocols in order to learn how best to implement safety protocols? If you use a particular method to attempt to minimise the risk of shock, and it doesn't work, then you consider what went wrong and come up with a new way of dealing with that specific problem. The metaphor holds.

    What you seem to be saying is that there's no point in trying to protect yourself from shock because you might get shocked anyway. Well that's a risk that will always be present but can be minimised by taking safety precautions.
     
    Last edited: Aug 12, 2009
  17. marcbarker

    marcbarker New Member

    Joined:
    Jul 5, 2009
    Messages:
    727
    Likes:
    7
    Location:
    London, UK
    There you are then, that proves what I'm saying. Because you're talking in past tense....


    Are you sure that's what you think I'm saying? To go right back to the beginning, remember I said:


    But beware of 'over-reaction' :) Remember, I said:

    Talking of H&S... I think it was year before last, somewhere in UK, a city council decided after nearly a century (apart from wartime), it would no longer install Annual Christmas Illuminations.... because of "Health and Safety" :)
     
    Last edited: Aug 12, 2009
  18. kchriste

    kchriste New Member Forum Supporter

    Joined:
    Jul 23, 2006
    Messages:
    3,677
    Likes:
    47
    Location:
    Victoria BC, Canada
    There are two types of risk. Stupid risk and smart risk. The choice should be obvious. If not, Darwin wins again. :D
     
  19. be80be

    be80be Well-Known Member

    Joined:
    Aug 23, 2008
    Messages:
    4,794
    Likes:
    134
    Location:
    morristown,tn
    That's good to remember when going in to businesses
    Smart risk they put in the money
    Stupid risk You put in the money :D:D:confused:
     
  20. giftiger_wunsch

    giftiger_wunsch New Member

    Joined:
    Jun 15, 2009
    Messages:
    813
    Likes:
    3
    Location:
    Kent, England
    Explain? :confused:
     
  21. Hero999

    Hero999 Banned

    Joined:
    Apr 6, 2006
    Messages:
    14,902
    Likes:
    79
    Location:
    England
    I don't know maybe:

    The Christmas tree lights might overheat and burn down London.

    Some of the heavy decorations may fall and injure someone.

    Thieves might be electrocuted if they try to steal the lights.:D
     
