Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mitnick Testifies on Telco's Security

Posted by michael on Monday June 24, 2002 @11:57PM from the what-me-worry dept.

Woefdram writes "Our favourite computer criminal (?) Kevin Mitnick testified in a case against Telco Sprint that their security was like Swiss cheese: full of holes. The story on SecurityFocus quotes Mitnick, saying, 'I had access to most, if not all, of the switches in Las Vegas,' and tells how he came up with a list of 100 challenge-response codes." We've written about this case before.

1 of 206 comments (clear)

Min score:

Reason:

Sort:

Re:from a former Nortel employee... by JUSTONEMORELATTE · 2002-06-25 01:35 · Score: 5, Insightful

To be REALLY fair to nortel, while the web was young seven years ago, (the net was old, even then) that has absolutely nothing to do with this crack job.
The DMS-100s were broken the good old fashioned way -- use a war dialer to find the dialup number, then call the switch directly. Once connected, try the obvious passwords first (either admin/admin or admin/NORTEL_DEFAULT_PASSWORD, which Mitnick had learned from Nortel docs)

Deander2 got it right -- Nortel designed an absurdly complex product, and was unmotivated to clean house because they were able to rake in the consulting bucks. WHEN (not if) this comes back to bite a client in the butt (like it did with Sprint) Nortel takes no heat for it, and in fact most likely gets even MORE consulting dollars for a hasty clean-up effort.