Mitnick to help protect banks

Quote:

---

The 41st Parameter hired Mitnick to test the strength of its new TimeDiff Linking technology by attempting to foil the system and mount a successful phishing attack. Mitnick told TechNewsWorld that he has crossed over the to "good side" to use his knowledge of computer and security vulnerabilities to show companies their security weaknesses.

"For banks and other e-tailers, phishing is a primary concern. I've tested The 41st Parameter's technology and I found that most phishers will become extremely frustrated because of the difficulty of impersonating a legitimate customer," Mitnick said. "Given enough time, effort, and resources, any system can be broken, but the effort to break this technology is too time consuming."

---

http://www.technewsworld.com/story/45039.html
Technology News: Security : Anti-Phishing Firm Hires Infamous Hacker

they could have found a better hacker than mitkick, he is an awesome social engineer, and a good hacker, but there are MUCH better. But none with as big of a name as him...thats why they picked him. hey are going to sell the software by saying "Even mitnick couldnt hack this" and then some random person is going to bust it and these banks will be back at square 1.

Quote:

---

hey are going to sell the software by saying "Even mitnick couldnt hack this"

---

Yeah, like the new Microsoft usability slogan: "Even Mitnick could install this!" in response of course to his inability to navigate the myriad of point and clickery that is lockdown.exe. ;)

cheers,

catch

:D

A singular name in a troop of hackers do not make the hacker capability defined. But then again, Mitnick had the guts to go public and reveal his exploits, others simply lurk in the shadows and then wail "WHY NOT ME???" when someone get's noticed and whose services get engaged by paying outfits.

But....

does it really follow that the best troubleshooter is the troublemaker?

does the best warrior makes the best peacemaker?

Well-organized scenario .... I wounder how much money has been spent on this .... huh! .... it is really easy to make a mercenary a little confessor or a story-teller .... :p

I don't believe in such things .... inference: Money has taken its toll in this issue, I believe.

Quote:

---

Originally posted here by catch
Yeah, like the new Microsoft usability slogan: "Even Mitnick could install this!" in response of course to his inability to navigate the myriad of point and clickery that is lockdown.exe. ;)

cheers,

catch

---

ROTFL. Lockdown.exe indeed.

"Lockdown.exe can failed to run. Error: Cannot locate accepted-appeal.dll"


As I've said before, the only real reason for a company to make big press about using a "hacker" (see: note below) for security testing is PR. And not being very amiable to the hype-culture that the US has evolved into, I can say I hate this crap.

* NOTE: my use of "hacker" in this post is to be considered an alias for malicious cracker/script-kiddie with highly recognized public profile

Quote:

---

As I've said before, the only real reason for a company to make big press about using a "hacker" (see: note below) for security testing is PR. And not being very amiable to the hype-culture that the US has evolved into, I can say I hate this crap.

* NOTE: my use of "hacker" in this post is to be considered an alias for malicious cracker/script-kiddie with highly recognized public profile

---

Right - I went to Mr. Mitnick's website for his business me'ah:

http://www.mitnicksecurity.com/index.php

And am confused - what really are his qualifications for selling what he sells? I mean there are threads and threads on this site with people looking to gain formal education, certification and recognition of their skills and there is a myriad of people here with many titles and acronyms after their names - how does that compare to someone nabbed for a failed hacking attempt who is great with social engineering?

Also - in the article they mention that Mitnick used "sequel injection" as part of his testing. I take it they meant SQL Injection?

Well - as I don't have the skills as most of you do - yet - back to the books and SOX testing prep.

BTW - Anyone else "love" SOX testing? Oh yeah - it ROX. :p But wait, I still get paid - so it does ROX.

Quote:

---

Originally posted here by genXer
Right - I went to Mr. Mitnick's website for his business me'ah:

http://www.mitnicksecurity.com/index.php

And am confused - what really are his qualifications for selling what he sells? I mean there are threads and threads on this site with people looking to gain formal education, certification and recognition of their skills and there is a myriad of people here with many titles and acronyms after their names - how does that compare to someone nabbed for a failed hacking attempt who is great with social engineering?

Also - in the article they mention that Mitnick used "sequel injection" as part of his testing. I take it they meant SQL Injection?

Well - as I don't have the skills as most of you do - yet - back to the books and SOX testing prep.

BTW - Anyone else "love" SOX testing? Oh yeah - it ROX. :p But wait, I still get paid - so it does ROX.

---

They seem to think his notoriety is qualification enough, plus whatever value his company can provide...he has to have people working with him...some of them might be damned talented. I'm not saying he is not, but he had a lot of catch-up to do when he finally got out of the clink. He is probably more of a 'big idea' person now with insight into the human problems and such. I don't know, I don't know him or his life at all. But somehow I doubt he is an uber-hacker (both good AND bad uses of that 'h' word apply here).

P.S. SOx = SUX!
P.P.S. SOx = Job Security...
P.P.P.S. Job Security = ROX!
you do the math... :p

Quote:

---

Originally posted here by zencoder
P.S. SOx = SUX!
P.P.S. SOx = Job Security...
P.P.P.S. Job Security = ROX!
you do the math... :p

---

Zen, buddy, I am unsure who I hate the most right now. It's a coin toss between Lawyers and Auditors. :rolleyes:

Cheers:

Quote:

---

Originally posted here by DjM
Zen, buddy, I am unsure who I hate the most right now. It's a coin toss between Lawyers and Auditors. :rolleyes:

Cheers:

---

Always the lawyers. Often, an auditor used to be ONE OF US, at least.

Q: Why don't sharks attack lawyers who are in the ocean?
A: Professional Courtesy.

Q: What the difference between a dead lawyer and a dead dog in the middle of the road?
A: The skidmarks before the dog.

Q: What do you call 10 lawyers buried to the neck in the sand?
A: Not enough sand.

Q: What do you call 2000 lawyers on a sinking ship with no lifeboats?
A: A good start.

Q: If you are lost on a deserted island with only a handgun holding 3 rounds, accompanied by Adolph Hitler, Jeffrey Dahmer, Saddam Husein, and a lawyer, do you go for the "two in the body, one in the head" routine, or do you shoot the lawyer in the head all 3 times?


Besides...there are some things even an AUDITOR won't do for money...





For any of my JP cohorts around, please don't take this personally. It's a developed aversion to specific types of attorneys...it's just fun to target the whole group. :)

Quote:

---

Originally posted here by Egaladeist
http://www.technewsworld.com/story/45039.html
Technology News: Security : Anti-Phishing Firm Hires Infamous Hacker

---

"For banks and other e-tailers, phishing is a primary concern. I've tested The 41st Parameter's technology and I found that most phishers will become extremely frustrated because of the difficulty of impersonating a legitimate customer," Mitnick said. "Given enough time, effort, and resources, any system can be broken, but the effort to break this technology is too time consuming."

" Mitnick said. "Given enough time, effort, and resources, any system can be broken, but the effort to break this technology is too time consuming."

That's very un-mitnick-ish if you know what I mean, he even said himself: "every time some [developer] says, 'nobody would go to the trouble of doing that', there's some kid in finland who will go to the trouble. And not just in finland but in america, as well". The fact that they quote him on saying that is very odd, because either he is downright lying to the corporation he's working for, has lost it, or they are missquoting him.

This needs to be investigated further, it's very strange, but then again it may be exactly like a hacker to do this if he's not liable.

Quote:

---

ROTFL. Lockdown.exe indeed.

"Lockdown.exe can failed to run. Error: Cannot locate accepted-appeal.dll"

---

I was actually refering to this:

http://news.com.com/Vandals+deface+e..._3-984084.html

Where apparently neither he, nor anyone working for him could figure out how to apply lockdown.exe. For those of you unfamiliar with lockdown.exe:

http://www.microsoft.com/technet/sec.../locktool.mspx

This tool should take, at the very very most two minutes to install, even on your very first time. Basically it is like three sections of click on the bubble you want, how on earth this could take "a couple of hours" is beyond me.

cheers,

catch

Quote:

---

Originally posted here by catch
I was actually refering to this:

http://news.com.com/Vandals+deface+e..._3-984084.html

Where apparently neither he, nor anyone working for him could figure out how to apply lockdown.exe. For those of you unfamiliar with lockdown.exe:

http://www.microsoft.com/technet/sec.../locktool.mspx

This tool should take, at the very very most two minutes to install, even on your very first time. Basically it is like three sections of click on the bubble you want, how on earth this could take "a couple of hours" is beyond me.

cheers,

catch

---

That makes the real story even funnier! Thanks catch.