Domain: mitnicksecurity.com
Stories and comments across the archive that link to mitnicksecurity.com.
Comments · 9
-
Re:For $15K? Still not worth reporting it.
Apparently these types of exploits can be sold legally for $100k.
-
Re:so what does the company do?
It is an LLC, which doesn't really answer the question, but it does suggest it's on the smaller side.
-
Re:why yes
Lets just scare a 26 year old into thinking hes going to be forever labeled a felon... This means no job in the IT industry, one heck of a time finding housing, and good luck with quite a few other aspects of life that people take for granted.
-
Re:Must be said!
http://www.mitnicksecurity.com/
Already been done and now he's doing quite well for himself. He was wrong for doing what he did, and yes so to was the government.
However he is now doing fairly well for himself with his books and appearances on TV. I think AMW last year he was working to help profile a computer hacker.
You want him free? Done and Done.
-
id, cc, credit
Ok, that makes sense for peaches, but what if your credit card gets stolen and is used to buy thousands of dollars worth of items, or a gun that gets used in a murder, or something illegal and the person didn't get caught for some length of time because no one ever checks ID? Granted, if you report it stolen, those transactions will be cleared...eventually, but there's a chance that that won't happen until after everything's said and done on the part of the criminal.
Ok yes, if you pay with check or credit card then your id better be checked. This is something that really agravates me where I live, almost no one checks id. And I recently heard something about how VISA isn't requiring id checks for purchase of up to a certain amount, $15.00 I think. That's BS, legally a cc holder is required to pay up to something like $50 even if their card is stolen. Even if not true though I don't want anymore risk of my id being stolen. Having your id stolen can ruin your life.
Think about it, any application you fill out and turn in to the company has enough information on it to not only steal your ID, but pretty much erase you completely in the public's eye.
That's a big reason I wouldn't share any personal data if I don't believe it's needed. I don't and haven't filled out any application requesting financial info or personal data in several years. Well I provided some personal data about a year ago when I had to see a psychologist, I had to see her for an evaluation for my SSI, I'm on disability.
all anyone really needs to steal another's ID is your full name and date of birth. From there, with enough digging and a little social engineering, any other information can be found.
Date of birth and full name aren't even needed really, social engineering can get that info for you. But why make it any easier? Kevin Metnick has shown, and testified to congress on how easy it is to get this info.
Falcon -
Hey Woz!
I see that you have a nice list of your friends web pages on your site which is great, including the link to Kevin Mitnick's site which is nice because he was in jail and everything but now it redirects to Kevin's new business which I don't have any problem with either, except that Mitnick has actualy spent time in jail for doing bad things to people and their systems and now seems to make money advising people how to steer clear of people like himself.
I'm not making any suggestions or anything, just pointing that out.
-
Re:No new news here
Somone needs to put together a description on how a "social engineering" penetration test should be done objectivly. If there is one out there please let me know. =P
Kevin Mitnick has written some interesting books that cover social engineering attacks extensively. More info here and here. They are a must read for anyone working in security. -
You haven't read his book then ?
I consider The Art of Deception to be up there with Bruce Schneier's two books, Secrets and Lies, and Beyond Fear. It is a real eye-opener on the techniques a social engineer can use, and should be mandatory reading for anybody entering the infosec field. You can be pretty sure that he has used all the techniques described, just that the names, places and times have been changed to protect the innocent.
If you choose to get it, look for the "lost" Chapter 1 on the Internet.
I've also noticed that his new book, The Art of Intrusion has just been released. I'm sure I'll get it in the near future.
-
You haven't read his book then ?
I consider The Art of Deception to be up there with Bruce Schneier's two books, Secrets and Lies, and Beyond Fear. It is a real eye-opener on the techniques a social engineer can use, and should be mandatory reading for anybody entering the infosec field. You can be pretty sure that he has used all the techniques described, just that the names, places and times have been changed to protect the innocent.
If you choose to get it, look for the "lost" Chapter 1 on the Internet.
I've also noticed that his new book, The Art of Intrusion has just been released. I'm sure I'll get it in the near future.