Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mitnick Speaks About Hacking

Posted by CmdrTaco on from the stuff-to-read dept.

Rob_Warwick writes "I've just posted a one on one interview with Kevin Mitnick on Applefritter. In just less than 20 minutes, we take a look at who generally gets targeted by social engineering schemes, and how social engineering can assist in making a technical exploit work. Mitnick speaks about which industries are at highest risk from social enginerering, and what types of workers are generally easier to talk into doing something for you. Kevin also talks about who his heroes were when getting into phreaking and computers, as well as a humbling moment when he was on the recieving end of some social engineering. The HOPE keynotes for both Kevin and The Woz are also available for download."

13 of 221 comments (clear)

  1. easy by Anonymous Coward · · Score: 5, Funny

    In just less than 20 minutes, we take a look at who generally gets targeted by social engineering schemes,

    answer: people with passwords

    and how social engineering can assist in making a technical exploit work.

    answer: get people with passwords to tell you their passwords

    Did anybody time me?

  2. Mitnick stories... by anakin357 · · Score: 5, Interesting

    Is it just me, or do you really don't care about him anymore?

    It's a bad dream that just wont go away, some people are so enamored with Kevin that they feel the need to post every story that includes his name.

    He's a felon.

    One of the first, abeit more publicized and punished geeks, and I really don't care to read stories about him. About the only thing that actually is interesting is that this guy got caught by trying to hack into some other geeks computer, and was traced back to his location.

    Amature. Go social engineer some money out of a bank instead of robbing it with a gun, and THEN I'll be interested.

    I can see it now, bumper stickers that read:

    "Free Kevin v2.0"

    --
    http://www.fsckin.com/
    1. Re:Mitnick stories... by +Addict-09+ · · Score: 4, Insightful

      Finally, a slashdotter who is responsible enough to recognize Mitnick for what he is.

      To all you Anonymous Cowards: No he's not a hero

      Did he suffer a misjustice? Maybe (I'm not a lawyer), but he put himself in that position. Play with fire and someday you'll get burned, it's just that simple.

  3. How to guarantee replies by Anonymous Coward · · Score: 5, Funny

    to your Slashdot comments:

    * Mis-spell your Subject line.
    * Use the unit milligram (mg) instead of megabyte (MB).

    1. Re:How to guarantee replies by sploo22 · · Score: 5, Funny

      It's not a milligram, it's a milligig - 1/1024 of a gigabyte. :)

      --
      Karma: Segmentation fault (tried to dereference a null post)
  4. Re:Biometrics by Lehk228 · · Score: 4, Insightful

    "the machine's not letting me in, could you palm the door for me?, thanks"

    --
    Snowden and Manning are heroes.
  5. Re:Biometrics by Eivind · · Score: 4, Insightful
    Biometrics alone is, atleast presently, useless. There's simply two orders of magnitude too many false positives and false negatives.

    Aside from that, the implementation is icky. Half a year ago you could read about every single comersially available fingerprint-scanner being defeated by cheap and simple tricks such as for example blowing graphite-dust over them (sticks to the fat-traces from previous finger), and then pressing down on them with a piece of clear tape.

    Also, in many situations they're just not useful, how could biometrics secure the login to your online bank ?

    Authentication is based upon one or more of what you *know* (for example a password), what you *have* (for example smart-card or key) and what you *are* (for example biometrics).

    Good, robust security uses a combination. For example, the combination of posessing a smart-card and knowing a code is used to authenticate to my online bank.

    Even if someone convinced an account-holder to give up the password, that'd still not matter, aslong as they didn't *also* convince the person in question to hand over the smart-card.

  6. Re:off topic nitpick by riley · · Score: 5, Funny
    It's "heros" not "hero's". Why do people insist on using an apostrophe before an s indicating plurality, no possesion?

    Errr...heroes is the plural, not heros.

  7. tips by MikeHunt69 · · Score: 5, Insightful

    I just heard the first 30sec of the mp3 file, and couldn't continue. It was far too painful - the guy doing the interview should slow the fuck down when speaking. You don't get medals for quantity over quality.

  8. Obligatory "It's Crackers not Hackers" post by hugesmile · · Score: 4, Funny

    Don't you know that the correct way to refer to someone who breaks into security of systems is to make a derogatory comment about his Caucasian ethnicity?

  9. fraud NOT "social engineering" by Anonymous Coward · · Score: 4, Insightful

    What Mitnick does is not "social engineering." Social engineering would be something like trying to convince a population of people to eat more healthily, or stop smoking, or something like that.

    What Mitnick does is fraud. Alternatively, you can call it grift, or con. (As in, Mitnick is a con man.)

    Using the term "social engineering" is playing into the hands of the con men. It's a term they invented to con you in to thinking that what they do is somehow more acceptible than it is.

    Use the term, and you've been conned.

  10. Sorry, Canadian Accent by Rob_Warwick · · Score: 4, Informative

    Sorry about the quality folks, I'll put up a transcript after I get it typed. I've got a train ride back to New Jersey tonight, so I'll throw it up. Also, sorry about the Canadian accent and the quick talking. Getting a few minutes with Kevin Mitnick is not easy at HOPE, and I was trying to get through the material.

  11. Is it just me... by MrChuck · · Score: 5, Insightful
    or do others recall that this guy (mitnick) is an asswipe?

    Yes, I had problems with police imprisoning him with little recourse as they did.
    Yes, Tsutomu Shimomura is a yahoo who did a lot of stupid and bad things. The greatest was probably his aweful book written with "journalist" John Markoff (I enquote that because as he was ghost writing with Shimora, he was also writing articles that were supposedly objective yet never mentioned doing a book with one of the particpants of the story).

    [Shimomura was terribly impressed with his (own) computer security abilities, yet ran tools that had long been sources of security holes because it was convenient. ("I am a master of securing houses; all the world leaders come to me. So imagine my shock and outrage when I'd found that someone had lifted up my welcome mat and used the key I keep there to get in. I must hunt down this bastard and have my revenge.").]

    I was appalled that national ISPs would so readily turn over logs and access to their networks and their users information to a vigilant/yahoo.

    But no, I wasn't sorry that Mr Mitnick got his ass busted. He was no kiddie using youth as an excuse for poor judgement. He was a thief who rationalized stealing from people and companies by its electronic abstraction.

    No, I don't think Kevin's "cool". That he is someone who would steal my personal information because the people I had to give it to are idiots about securing it doesn't make it ok to do so. And it's felony when he then uses that information to buy things. I don't want him in the room when I pull out a credit card. I don't want him in a hotel where I use a credit card.

    Should the hotel be smarter? Sure. But the people who decry identity theft cannot also embrace Kevin Mitnick as one to be admired.

    He's an asswipe.