Mitnick to help protect banks

  1. #1
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171

    Mitnick to help protect banks

    The 41st Parameter hired Mitnick to test the strength of its new TimeDiff Linking technology by attempting to foil the system and mount a successful phishing attack. Mitnick told TechNewsWorld that he has crossed over to the "good side" to use his knowledge of computer and security vulnerabilities to show companies their security weaknesses.

    "For banks and other e-tailers, phishing is a primary concern. I've tested The 41st Parameter's technology and I found that most phishers will become extremely frustrated because of the difficulty of impersonating a legitimate customer," Mitnick said. "Given enough time, effort, and resources, any system can be broken, but the effort to break this technology is too time consuming."
    http://www.technewsworld.com/story/45039.html
    Technology News: Security : Anti-Phishing Firm Hires Infamous Hacker

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    They could have found a better hacker than Mitnick, he is an awesome social engineer, and a good hacker, but there are MUCH better. But none with as big of a name as him...that's why they picked him. They are going to sell the software by saying "Even Mitnick couldn't hack this" and then some random person is going to bust it and these banks will be back at square 1.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  3. #3
    Banned
    Join Date
    May 2003
    Posts
    1,004
    They are going to sell the software by saying "Even Mitnick couldn't hack this"
    Yeah, like the new Microsoft usability slogan: "Even Mitnick could install this!" in response of course to his inability to navigate the myriad of point and clickery that is lockdown.exe.

    cheers,

    catch

  4. #4
    Member
    Join Date
    Apr 2005
    Posts
    97


    A singular name in a troop of hackers does not make the hacker capability defined. But then again, Mitnick had the guts to go public and reveal his exploits, others simply lurk in the shadows and then wail "WHY NOT ME???" when someone gets noticed and whose services get engaged by paying outfits.

    But....

    does it really follow that the best troubleshooter is the troublemaker?

    does the best warrior make the best peacemaker?
    Si vis pacem, para bellum!

  5. #5
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    Well-organized scenario .... I wonder how much money has been spent on this .... huh! .... it is really easy to make a mercenary a little confessor or a story-teller ....

    I don't believe in such things .... inference: Money has taken its toll in this issue, I believe.
    "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
    Every time I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    Respect.exe!

    Originally posted here by catch
    Yeah, like the new Microsoft usability slogan: "Even Mitnick could install this!" in response of course to his inability to navigate the myriad of point and clickery that is lockdown.exe.

    cheers,

    catch
    ROTFL. Lockdown.exe indeed.

    "Lockdown.exe can failed to run. Error: Cannot locate accepted-appeal.dll"


    As I've said before, the only real reason for a company to make big press about using a "hacker" (see: note below) for security testing is PR. And not being very amiable to the hype-culture that the US has evolved into, I can say I hate this crap.

    * NOTE: my use of "hacker" in this post is to be considered an alias for malicious cracker/script-kiddie with highly recognized public profile
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  7. #7
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    As I've said before, the only real reason for a company to make big press about using a "hacker" (see: note below) for security testing is PR. And not being very amiable to the hype-culture that the US has evolved into, I can say I hate this crap.

    * NOTE: my use of "hacker" in this post is to be considered an alias for malicious cracker/script-kiddie with highly recognized public profile
    Right - I went to Mr. Mitnick's website for his business me'ah:

    http://www.mitnicksecurity.com/index.php

    And am confused - what really are his qualifications for selling what he sells? I mean there are threads and threads on this site with people looking to gain formal education, certification and recognition of their skills and there is a myriad of people here with many titles and acronyms after their names - how does that compare to someone nabbed for a failed hacking attempt who is great with social engineering?

    Also - in the article they mention that Mitnick used "sequel injection" as part of his testing. I take it they meant SQL Injection?

    Well - as I don't have the skills as most of you do - yet - back to the books and SOX testing prep.

    BTW - Anyone else "love" SOX testing? Oh yeah - it ROX. But wait, I still get paid - so it does ROX.
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  8. #8
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by genXer
    Right - I went to Mr. Mitnick's website for his business me'ah:

    http://www.mitnicksecurity.com/index.php

    And am confused - what really are his qualifications for selling what he sells? I mean there are threads and threads on this site with people looking to gain formal education, certification and recognition of their skills and there is a myriad of people here with many titles and acronyms after their names - how does that compare to someone nabbed for a failed hacking attempt who is great with social engineering?

    Also - in the article they mention that Mitnick used "sequel injection" as part of his testing. I take it they meant SQL Injection?

    Well - as I don't have the skills as most of you do - yet - back to the books and SOX testing prep.

    BTW - Anyone else "love" SOX testing? Oh yeah - it ROX. But wait, I still get paid - so it does ROX.

    They seem to think his notoriety is qualification enough, plus whatever value his company can provide...he has to have people working with him...some of them might be damned talented. I'm not saying he is not, but he had a lot of catch-up to do when he finally got out of the clink. He is probably more of a 'big idea' person now with insight into the human problems and such. I don't know, I don't know him or his life at all. But somehow I doubt he is an uber-hacker (both good AND bad uses of that 'h' word apply here).

    P.S. SOx = SUX!
    P.P.S. SOx = Job Security...
    P.P.P.S. Job Security = ROX!
    you do the math...
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  9. #9
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by zencoder
    P.S. SOx = SUX!
    P.P.S. SOx = Job Security...
    P.P.P.S. Job Security = ROX!
    you do the math...
    Zen, buddy, I am unsure who I hate the most right now. It's a coin toss between Lawyers and Auditors.

    Cheers:
    DjM

  10. #10
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by DjM
    Zen, buddy, I am unsure who I hate the most right now. It's a coin toss between Lawyers and Auditors.

    Cheers:
    Always the lawyers. Often, an auditor used to be ONE OF US, at least.

    Q: Why don't sharks attack lawyers who are in the ocean?
    A: Professional Courtesy.

    Q: What's the difference between a dead lawyer and a dead dog in the middle of the road?
    A: The skidmarks before the dog.

    Q: What do you call 10 lawyers buried to the neck in the sand?
    A: Not enough sand.

    Q: What do you call 2000 lawyers on a sinking ship with no lifeboats?
    A: A good start.

    Q: If you are lost on a deserted island with only a handgun holding 3 rounds, accompanied by Adolf Hitler, Jeffrey Dahmer, Saddam Hussein, and a lawyer, do you go for the "two in the body, one in the head" routine, or do you shoot the lawyer in the head all 3 times?


    Besides...there are some things even an AUDITOR won't do for money...





    For any of my JP cohorts around, please don't take this personally. It's a developed aversion to specific types of attorneys...it's just fun to target the whole group.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
