I just wanted to thanks for producing such a great security web site.
This site truly brought me into the computer security world, and thanks
to it, I'll be going on to a security internship next summer. I really
appreciate it.

I'm glad that you are doing well with your outside contracts, but what
ever happened to the mailbag? It used to be so funny to see all the
script kiddies "yellz0r" at you and try and push their views on others.
There was also the occasional intelligent letter, but either way I
really miss it.


Scott Coull

hey jp,

hope things are going well there in PA. i liked the mailbag, and you
haven't had it for awhile, so i was wondering if you had discontinued it.
whats the story? too busy with other stuff? good luck.

- nate

Yes, It's the return of the... "Ah, wait, no way, you're kidding, he didn't just say what I think he did, did he?" After a very long stretch with no mailbag, mainly do to the very hectic schedule that I've had, it's back! You can now once again look forward to reading our weekly mailbag every Monday morning with your first cup of coffee.


I am in the U.S. Air Force, and I've only been working the Comp. and Net Security for about six months. I find your web site truely inspirational!

As I try and become one of the best at what I do, I find myself behind a brick wall. The military does not have the funds for proper training, and I must learn the vast amounts of information on my own.

This is sort of an unusual request, but I'd like to ask you to "mentor" me in the security realm. I would like to learn the trade, and I'd like to learn from the best.

Information Assurance Manager

I left this guy's name out so that he doesn't get blasted by the likes of Peter Farrell. The military obviously has a "Don't Ask, Don't Tell" policy when it comes to incompetence as well. It's a shame that men like this SSgt. have to blindly seek out assistance due to lack of proper training. I hope that examples like this will serve as a wake-up call to our armed services.

Your editorial about Giga Information Group hiring Kevin Mitnick is
right on the money. I wanted to say thank you from all the legitimate
security people in the industry. We can't allow this guy to be turned
into some sort of rock star. That only encourages others.

Thank You

Aaron Armstrong

LAN Operations


Exactly. Why is it so hard for people to understand this?

John Vranesevich:

Glad to see you speaking out on this issue.

I sent the following in early March 2000 to a number of Senators involved in
sponsoring Mitnick's testimony before the US Congress. Not many spoke out
then. As one who has had the privilege of testifying before Congress on the
subject of computer security in the past, I am deeply affronted by Congress
paying homage to unrepentent criminals and violators of the public trust.

"Senator Bennett:

It is outrageous that the U.S. Congress continues to glorify the hacker
community by asking Kevin Mitnick and other felonious characters to testify
before it. What hackers are doing and how they do it are no mystery. Many
qualified and credentialed security professionals can provide that
information. It only serves to inspire that cult and other global
adversaries by its naivete and the notority it provides. Must we continue
the ill-advised and failed initiatives of the past thirty years by repeating
the same mistakes? This is a deadly serious issue, not to be clouded by
political agendas and publicity seekers. Time is running too short for this


Bob Campbell

Managing Director

Peak Consulting

Yet another enlightened soul

For being in the field of computer security for so long I would think you would know more. Kevin did not want recognition he was looking for software. He was exploring and he was mainly a social enginerer. By the way. What does it matter to you. He'll be one of the most watched workers for a computer company as soon as he's off probation. E-mail me if you want but you probably won't bother.

- teclord

Keep reading....

Man, I just readed that article on kevin mitnick being called an Expert.
I cannot figure how you manage to be so lame. I mean everyone knows that
knowing your enemies'way is the best protection. By the way, Mitnick
wasnt a lame kid like mafiaboy, he was a master at social engennering
and a lot more.

- no carrier

I don't understand what the big deal is when it comes to "Social Engineering". And what the hell kind of terminology is that, anyway? In the past, these people would be called "con artists", "bullshitters", or "habitual liars". Hackers now call it "Social Engineering". It's kind of like calling a garbage man a "Sanitation Engineer". He still doesn't do anything more special than haul away trash for a living.

i have been watching you for some years now, and have had a great time
doing so... your efforts are both unique and progressive. I applaud you
for taking stances on issues that most people on either side of our
community disagree with.

However, I have to draw the line with today's latest Kevin bashing. It
makes you look like you have some personal bent against him. He has paid
his debt to society, and should be able to acknowledge his past and use
that to pad his present and future. Your comments about hiring criminals
is both short sighted and disturbing. I suppose that you never heard of
a noteworty criminal making a contribution to society, take G Gordon
Liddy for example. I think that you should concentrate security issues
and let Kevin live his life out however he wants. I know that not one
person will rethink hiring him becuase of this article. In fact by
mentioning him at all you are helping to ensure that his name and myth
stays abuzz that much longer.

-Travis Kunce

Harvard University

To each his own I guess. You aren't the first guy to find comments that I make disturbing. Truth be told, Mitnick has been in and out of prison his entire life. We'll see how long he lasts this time...


I have never had any interest, or knowledge concerning computer sucurity or hackers.

I just finished reading Vanity Fair's article about "Invisible Enemies".
I couldn't put the article down, which proved to be a problem because I began
reading it in my bathroom! Aside from a fanny that felt quite numb, I
suffered no ill effects. The article stimulated my mind and got the old
juices going...I was thinking about something besides the laundry , my
husband's work schedule, and my diet.

How facinating! The entire scenerio of what goes on tracking down
computer crackers reminded me of a cyberspace version of a detective story or
spi novel...and all true! I was impressed with what goes into the whole
operation; having to know all the hacker lingo, and being "cool" and
confident enough to fool people on the net to believing you are who you
aren't. I was amazed at how John would be working two computers at once.
It was all great! And how impressive that you have the attention and respect
of our nation's top security agencies!

Good job, John Vranesevich! As I read your bio, and how you were raised
by your mom...I was reminded of my own life with my only son. I raised him
alone. (This is my second husband.)

You even remind me of my son. He, too, is kind of loner, sensitive, quiet,
and into computers. I picture him having done something like this, if he had
thought of it! I'm going to cut out the article and mail it to him. He'll
be so interested in it!

Well, keep up the good work, John. Be careful, and be safe.
The same goes for Brad. Your entire staff must be quite intellegent, moral,
and adventurous. God be with you all!


Even months after it was published, I'm still getting letters like this about the Vanity Fair Article. It's nice to know that I can make people feel all warm and fuzzy inside while they're on the shitter.


I read the Vantity Fair article (June '00) and just was in amazed by your
expertise and wisdom with the computer!! When I was a jock, I was very
friendly with the "nurds" who helped me out with the academics. I always
wanted to be as smart as them. When someone would bother them I would always
step in. Brain wisdom is much more impressive to me than running with a
football or physical attributes....

I know you are busy, but I would be honored to hear from you.

Thanks for just reading this.....Gary

Um, OK.... Three cheers to the dumb jocks of the world who helped to protect weak little nurds like me.


My name is Bjorn Arenoe and I'm a business student at the "Erasmus" university in Holland (4th grade). I saw the news today and I wanted to reply at some issues that G. Bush put forward...
So, I tried to find his central web-site...

That seemed to be http://www.georgewbush.com/

BUT, to my surprise, there's none ( I really mean NONE ) possibility on this site, to send him a personal e-mail. Is that a typical republican attitude? It certainly seems so! There's so much about his political standpoint that I don't agree with !!!

I would like to tell him that. Is there any way I can find his personal email via this site?

Thanks in advance,


Honestly now, why in the hell do people send me e-mails like this? At any rate Bjorn, just do what I'm going to do, vote for Gore.

Hey John,

Cool article in US News and World report. I like seeing computer
experts in Jeans. Ties are the root of all that is evil.

I hear that. I am proud to say that I'm one of the very few people that has ever stepped inside of CIA Headquarters wearing jeans, a t-shirt, and ankle socks.

Today I received the 8/28/2000 issue of U. S. News & World Report, the one
with the cover story "The Dark Side of the Internet." The story really hit
home for me. In April my AMEX card number was stolen. The thief used it to
set up an account with GTE for online services. After the fraud showed up on
my billing statements, I contacted AMEX who then contacted GTE regarding the
fraud on my behalf. GTE did not close the fraudulent account immediately and
the thief continued to accrue thousands of dollars in charges. After being
sent a bill directly from GTE, I called them up myself. They intimated that
I was lying to them when I told them this was all fraud. After all, they had
my correct name, address and credit info. I have since contacted the FTC,
NYC police, and the credit bureaus. I guess this is a round-about-way of
asking 1) how did the thief's get my name, address, and credit information
if I only used "secured" sites 2) is there any documentation out there about
thief's also stealing address info. that I might use to convince GTE of the
fraud, and 3) any other ideas on how to deal with GTE?

Are there any steps a merchant can take to prevent fraud like this? It would
seem to me that it would be in their best interest to verify that account
information is authorized by the user. Also, it seems to me that merchants
should have some type of duty to protect the information of their customers
and also a duty to protect innocent people from fraud committed on their
sites. I, for one, have no intentions of paying for their mistakes or lack
of vigilance. What about the issuers of credit cards -- do they have a
responsibility to ensure that the merchants they issue accounts to follow a
rigid set of criteria in verifying credit info. ?

Also, I want to state that AMEX has still not come to a resolution of my
case. It has been more that two billing cycles. It doesn't seem to me that
they are doing anything because they have not initiated contact with me since
June, although I have sent them correspondence and made phone calls. I was
heartened to read that at least AntiOnline is doing something to police the

Thank you.


First of all, don't even bother to deal with GTE. It's American Express that you need to be dealing with. When you call them up and get a representative, immediately ask them to transfer you to their "Fraud & Abuse Department". The representative will have no idea what in the hell you're talking about if you try to explain your situation to them, so don't even waste your time. Go directly to the F&A Dept. The hacker probably got your name, address, and number from some online store that asked you for all of that info, then stored it in a database that the hacker managed to steal. Just mention to F&A that you do a lot of online shopping. You won't be responsible for a penny of the charges that were not authorized by you, so don't worry about that. I hope this helps!