forelle
Repeat after me: Hacking is the easy part. Not getting caught is the hard part.
codenameRadical
To be fair, you really can backdoor and use exploits to get through things, but 1: You have to know about them, 2: They have to be available, and most known exploits are patched, and 3: That needs to be sufficient to get you what you want.
That said, scam emails that get you to click a pdf or a link are sometimes installing a backdoor.
RenaissanceFaireMan
"This is your IT, click on the link below to review our new security policies"
reineseele
Amateur: <- that is how you do it
ScootinNtootin
I'm getting Pete Holmes vibes from this guy. He even looks and sounds like he's related.
xerasiel
vintagebroad
The character that is the hacker in the tv show Tracker is god like lol
Cactus21
Got a source @op ?
rshini
I'm not gonna lie, I did fall for a social engineering hack, but realized the instant I complied and immediately changed my password, ran the suite of anti-virus/malware stuff, and kept my eye on my info to see if anyone accessed it the next while.
Important lesson: No matter how savvy you are, you can have an off day and get conned.
MasterMookie
Password retrieval from: noreply@rnicrosoft.com
cousteau
I understood that refererice!
DinkyDoinky
Lol, good one
Yasashii93
The only show I’ve seen that actually shows hacking somewhat realistically was Mr Robot.
…at least the first few seasons, it got REALLY fucking weird by the end.
Yasashii93
Oh, and the movie Takedown (2000) (sometimes referred to as Hackers 2) about the story of the real-life hacker Kevin Mitnick at least showed that hacking involves social engineering.
There was a scene where he literally calls a guy, says he’s IT staff for the company, and asks him to give him the password from the back of the router.
Sad thing is, I think this approach would probably still work today. People are clueless about this stuff.
Yasashii93
I try to convince everyone I talk to about the subject to at the very least protect their email accounts properly because if someone were to gain access to that, they can get access to everything else through password recovery.
So a different password than anywhere else, 2-step verification, at the very least.
And almost always I can tell by their expression that my words are just bouncing off their ears as they enter a „let the nerd talk until he stops” mode.
sadurdaynight
Meanwhile my company makes us refresh our passwords daily like we're in Mission Impossible
Radix865
That's actually a security risk on its own, most of you probably have to keep it with you written down and thus might lose it. I'm pretty sure most places today just use authenticators on work phones or something.
sadurdaynight
Oh we've got authenticators, too. But, you're absolutely right. We copy our daily passwords to a notepad on our desktop. Some folks literally call it "passwords". I've argued this sentiment many times, but the IT dept doesn't listen.
freakdiablo
People are dumb. It's easier and more effective to blast a bunch of corpo users with a link to a free $50 Amazon gift card than trying to hack the Gibson.
MightyIink
Hacking in real life: "Call the number on the popup."
Person 1 "No!", Person 2 "No!", Person 3 "No!", Person 4 "No!", Person 5 "Shit, maybe."
pixelsnader
If you had a dog and a cat that were named after your username and password, what would you call your pets?
Isthe4thtimethecharm
My grandma almost fell for a scam the other day. She wouldn't even listen to me as I was telling her it was a scam. Luckily their kid screamed in the background and she realized it wasn't a professional setting.
GiantSquanchy
Take this quiz to find out what Game of Thrones character you are: What's your shoe size, how old are you, what was your first pet's name, what city were you born, what make and model of your first car, what's your mother's maiden name, what's your birthday, name of the first concert you went to, name of your first crush, name of your childhood best friend, what's your favorite food... You are Hodor!!!
grandfalloon
Hodor!
TakuanSoho
Person 682 "Holy shit those hot milfs keep following me whatever my area !"
Atratvs
Use in fullscreen: https://hackertyper.net
cousteau
I just opened the link on my phone to see if it also worked on mobile.
Atratvs
Yes, I checked before on mobile. As a true hacker, you need to try it on PC in fullscreen ;)
cousteau
Yeah because my stupid phone keyboard doesn't have an Alt key to do the Easter egg thing
peeopeepeee
So glad he still followed up with "I'm in"
grokitman
By which he means, they've scheduled a date.
Aksuuuh
Same clothes 3 months later. I'm just going to pretend it's not true to life
sangman
TrumpRapesAndEatsChildren0002
What's that supposed to mean? You throw your clothes away every month and get new ones?
WorkerLurker
I knew someone who would buy clothes at the other end of a flight for their stay and donate them when they left.
TrumpRapesAndEatsChildren0002
Might be cheaper than lugging around the... luggage
ThinkThisOut
I flew international for a couple week vaca and was detained because I didn’t pack enough clothes… after nearly an hour they accepted I’m gross and let me pick my stuff up off the floor and repack it lol. Favorite story of my life. I was almost a biological threat to a nation
marthafarquar
Ironically the massive cyberattack on Sony Pictures Entertainment in 2014, which destroyed 3,000 computers and pilfered 100 terabytes of data, was made a lot easier due to the fact that several "secure" servers had the passwords 12345, ABCDE, and password. Maybe they should have watched some of their own movies like The Net (1995)
katzohki
Blizzard had an ftp server that was not password protected for some directories in like 2000-2002. I found some demo music that never got used in the game alongside the "Serve the Hive" track. I think it had the original sfx too.
Yasashii93
My first adventure with „hacking” was when I was like 9 and my dad grounded me from using the family PC for a week. He set up a BIOS password. The meme password in my country is „dupa123”, which translates to „ass123”. Guess what the password was?
So next time he set up a stronger password but by that time I had learnt to take out the battery for a bit (worked at the time. I would HOPE it’s not as easily broken in 2025)
katzohki
BIOS passwords are usually not implemented at all and some can still be defeated by battery removal yes
cousteau
https://thedailywtf.com/Articles/PIN-Panic
mondeca
The Net? With that actress from The Bus?
IHaveGreatKittenRecipes
My work login requires me to use this little dongle thing to log in to the remote desktop and then separately log into my account inside said remote desktop. I fukin move trailers around a yard. Of course my password is 1234 cause if you took the time to steal my tablet and its assigned dongle and now you wanna log in and reassign trailers in a digital environment without even physically moving them? Fuck it, have fun buddy. Give it back when you're done playing.
Legomaniac91
"12345? That's the stupidest combination I've ever heard in my life! That's the kind of combination an idiot would have on his luggage!!"
TripleDane
"12345" wow what a coincidence, that's the same combination for my luggage.
cousteau
I'm gonna leave this here. https://thedailywtf.com/Articles/PIN-Panic
3nd3rwiggin
Worked for SOCOM in '95. In a meeting going over server deployment. One of the servers ended in 007. Jokingly said "Root password Connery?"
3nd3rwiggin
The SysAdmin turned red "Not anymore!"
cousteau
"Gotcha!" *starts typing b-r-o-s-n…*
perlninja
I mean yes, but also no - social engineering is a large part of it, but there's still the usual shenanigans of XSS, SQL injections, buffer overflows and happy fun stack smashing shenanigans, and of course the good old "numbskull left his credentials in a public git repo" thing. Oh, and of course databases on public internet without any authentication whatsoever... that always is a favorite.
cousteau
The git repo one must hurt. "Can you just delete it? It's just one file, right?"
perlninja
Oh yeah, got that a few times "we fixed it, we just removed the file" - because they forget git has history xD But that's what BFG is for I guess...
cousteau
I remember there was some legal case about a GitHub repo and they forced the owners to remove some copyrighted files. "Like, wipe them from the entire commit history?" "Nah just delete them and push a commit"
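Added example, not part of the thread: a throwaway repository showing why "we just removed the file" does not remove a committed credential, and how to audit your own history for it. The repository, file names and key value are all constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name and value below is made up for illustration.
KEY="CONSTRUCTED-EXAMPLE-KEY-0000"

# Build a throwaway repo where a credential file is committed, then "removed".
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q .
        git config user.email "demo@example.invalid"
        git config user.name "Demo"
        echo "print('hello')" > app.py
        echo "API_KEY=$KEY" > config.env
        git add app.py config.env
        git commit -q -m "initial import"
        git rm -q config.env
        git commit -q -m "we fixed it, we just removed the file"
    ) >/dev/null 2>&1 || return 1
    echo "$repo"
}

# Succeeds if the string is present in the files of the current HEAD commit.
in_worktree() {
    git -C "$1" grep -q -F -e "$2" HEAD
}

# Succeeds if any commit on any ref added or removed the string (pickaxe search).
in_history() {
    [ -n "$(git -C "$1" log --all --oneline -S"$2")" ]
}

# List the commits that touched the string, with the files involved.
history_hits() {
    git -C "$1" log --all --format='%h %s' --name-only -S"$2"
}

# Stand-alone run: the key is gone from HEAD but still reachable in history.
demo=$(make_demo_repo) && {
    in_worktree "$demo" "$KEY" || echo "not in current checkout"
    in_history "$demo" "$KEY" && history_hits "$demo" "$KEY"
    rm -rf "$demo"
}
```

Because the value stays reachable in old commits, a credential that was ever pushed has to be rotated; rewriting history (the BFG mentioned above) only cleans the repository.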
perlninja