Mitnick: Security Not about Technology

renai42 writes "Companies eager to tighten up their information security perimeters should focus not on technology but on teaching their employees how to say 'no', ex-hacker done good Kevin Mitnick told a full house at Toshiba's MobileXchange conference in Melbourne yesterday. 'We can't expect our employees to be human lie detectors,' Mitnick said. 'One of the most difficult challenges in corporate cultures is getting people to modify their politeness norms.'"

Re:Con-man gains fame at others expense...

[Creepy+Crawler]

Perhaps he can tell us how you tie a rope through a bar of soap.

Past that, this guy's a know-nothing who peddles snake-oil.

Schneider is someone who we should listen to. Cox is someone who we should listen to. Raadt is someone who we should listen to.

NOT, absolutely not, and I MEAN do NOT listen to people who gloss over a few psychology books and then apply them to surface technology. Any real sysadmin keeps information needed to harm a network FROM the users themselves.

After all, most users only want to get the job done. They dont give shit about the "corporate policy" and network/computer/personnel security.

Mitnick Schmitnick

[Icephreak1]

Man, Mitnick's line is the same old tired shit. Social engineering this, social engineering that. We know, Kevin, we're social creatures with common sense too. It ain't rocket science so much as it amounts to brazen begging with a bit of highschool drama pitched in.

Mitnick, you're so yesteryear. Get a fuckin' life.

- IP

Interesting

[Pan+T.+Hose]

"... ex-hacker done good Kevin Mitnick ..."

How do we know that he is good now? Because he spent few years in US prison and we know that all of the people, especially con artists after being imprisoned for years with violent criminals, always become honest, happy and completely "resocialised," never seeking any revenge? This is a serious question. I am not asking whether Mitnick should still be in jail. I am asking why are we so naïve to automatically assume that a mastermind con artist who believes to have been raped by the federal government and free press must be honest when he says he wants to help everyone (including said federal government) to improve their security. Is it wise to believe a self proclaimed "master of deception" so easily? Mitnick basically says: "I am a master of con artists and a computer hacker god. I never helped anyone before, never posted any patches, never written any useful software, but then I was unfairly put in jail with the most dangerous serial killers and psychopathic rapists, therefore I must be good now and I want to help people. Do you want me to increase your security?" To which we all gladly reply: "Of course! Here's my password!" Isn't that at least a little bit infantile in its naïvette? Because as much as I always said that Kevin was mostly a harmless kid before and during the foolish panic and the pathetic hunting, I am less sure about it now because I doubt there are a lot of harmless kids among those unfortunate enough to be unjustly deprived of their freedom and exposed to the most cruel and outrageous acts of violence, surely having to make a lot of deals with the most dangerous criminals and mafia to save their life and dignity. It makes me sick that people joke about rape in jail and not realise that violence and torture is not only a problem in Abu Ghraib and Guantánamo, but also in The Land Of Free. There are serious problems with the US penitentiary system and I believe that a master of con artists unfairly put into this horror who says that it made him good and honest and happy, is the last person in the world we should believe. That is my opinion.