Oh, the Irony
Kevin Mitnick has a company now called Defensive Thinking. It’s a security consultancy. Twice in the past two weeks hackers have broken into the site and left messages. Oops.
Vandals deface ex-hacker Mitnick’s site
By Robert Lemos, CNet
“The consequence of the attack was insignificant to us, but could have been worse if the person had real malicious intent,” Mitnick, now an independent security consultant, said in a forum on his Web site. “I did, however, install all the latest patches to prevent the same exploit from working in the future. I suppose it was kind of a wake-up call.”
[…]
The server ran on Microsoft’s popular Internet Information Server, but didn’t have all the patches applied, the security consultant readily acknowledges.
•••
Posted to Computers • 2003.02.11 (Tue) • 22:16
Comments
Posted by Tomas 2003.02.11, 22:56
Mitnick was never about, and his company isn’t about, hands-on computing security. Mitnick used social engineering to break into places and computers, not hax0r skillz.
It’d have been more ironic if someone would have attained access to his servers by getting to know a janitor at his company who happens to have found a note with a password on it, or something like that.
Posted by Erik J. Barzeski 2003.02.11, 23:48
That is some of what he did, not all of it (social engineering).
Posted by vis10n 2003.02.12, 00:57
But this is all about social engineering: someone was able to brainwash Mitnick (and a whole lot of others) into thinking that using MS products was safer than just posting their data to a BBS.
I mean… who needs a complacent janitor when you have a complacent IT department?
Posted by tomas 2003.02.12, 04:43
vis10n: touché.
Posted by Ryan Carter 2003.02.12, 04:44
At any rate, you gotta figure that the guy has some catching up to do.
Posted by Laniac 2003.02.12, 07:43
There’s quite a difference between being a haxor and knowing how to run a proper defense against haxors.
Posted by MonkeyBoy 2003.02.12, 08:48
Actually, they’re called “crackers” not “hackers”. Sadly the Hollywood bull runs deep. A “hacker” is a programmer.
Kevin deserves what he gets when his security company chooses to use Windows servers. Yawn.
Posted by Mike 2003.02.12, 12:18
Kevin himself still refers to what he did as “hacking”, and mentions that he’s the most notorious “hacker” in the world.
People who get their panties all in a bunch about hackers vs. crackers are the same type of loonies that bitch and moan about how Linux is just a kernel and the OS is actually called “GNU/Linux”.
Posted by Tomas 2003.02.12, 17:44
Mike: The hacker vs. cracker issue is even pathetic. Who’s to say that the very, very few who make the distinction between the two are more right than the by far more who don’t? It’s not just media, it’s everybody, just about.
Btw, Cracker, to me anyway, is one who cracks software.
Posted by MonkeyBoy 2003.02.12, 18:50
Yeah sure, I’m getting my panties up in a bunch, but someone needs to. I just hate to see language degenerate in this way. For instance the word “sophisticated” actually means to mislead, not to be clever/complex etc. as many use it today.
Posted by Matthew Aaron 2003.02.12, 22:53
On Mr. Mitnick and other [cr/h]ackers… not sure if you guys are aware but the man is currently fighting to sell his movie rights, which had been previously denied for a period of ten years following his release as a condition of his release. I wonder if they’ll include ^ this news before the rolling credits?
“Kevin Mitnick was released from jail and able to use a computer for the first time eight years later. Wasting no time, Mitnick established the computer security company ‘Defensive Thinking’ which has been exploited by hackers at least twice weekly since its launch.”
Posted by MonkeyBoy 2003.02.13, 01:36
Probably not. Most likely we’ll see him sleeping at his computer with green streaming characters projected onto his face from his cancer inducing monitor.
Knock knock Kev.
Posted by A Guest 2003.02.13, 02:18
“You’re saying I can install patches to my IIS?” “I’m saying, that when you use a different web server, you won’t need to.”
Posted by Mike 2003.02.13, 09:12
LOL. It is kinda funny to hear that Mitnick, the uberhacker extraordinaire, is using MS Winbloze IIS.
I gotta admit… I lost some respect for him when I heard he’s using IIS.
Posted by no1son 2003.02.14, 06:51
testing comments fixes
Posted by sam 2003.02.18, 17:03
Don’t be so hard on the guy, he had just taken control of the servers from friends who had been managing it for him while he was unable to do so himself. He cheerfully admitted that he hadn’t installed patches because he hadn’t gotten around to it yet, and that he deserved what he got.
Also, keep in mind that he was using a security technique known as a ‘demilitarized zone’ where the webserver was outside of the secure firewalls protecting the main servers. It’s OK if the webserver is compromised, because getting into the webserver doesn’t mean you have access to the more tightly secured inner boxen. All he has to do is rsync the backup onto the webserver, and the modified files are long gone, with no risk to his main servers.
And as far as the hacker/cracker business, it’s silly to argue about too much, but in the sense that hackers go through source code to find vulnerabilities, then write software to compromise those vulnerabilities, Mitnick was a hacker. He wrote his own software, and dug through source code he acquired. He wasn’t trying to register or compromise specific applications, it was servers and telecom he was after, which is more hacker territory than cracker territory. The lines blur, but I think Mitnick is generally regarded as a hacker. And yes, he used social engineering to do some of his work, but he was also a highly skilled computer programmer, and used that as well.
peace, sam