Security elite pwned on Black Hat eve

On the eve of the Black Hat security conference, malicious hackers posted a 29,000-line file detailing embarrassing attacks that took complete control of servers and websites run by several high-profile security researchers, including Dan Kaminsky and Kevin Mitnick. The file posted on security mailing lists claimed to have …

COMMENTS

This topic is closed for new posts.

Link to zf05

This article isn't complete without a link to the pwning document! http://seclists.org/dailydave/2009/q3/0047.html

0
0
Grenade

Where do clouds go when they die?

"I was actually surprised that the other people would keep their email and work data on an internet-facing host."

The internet may be great for ephemera and shopping but you really wouldn't want to put anything halfway important anywhere near it.

0
0

This post has been deleted by a moderator

FAIL

Idiots

"I was actually surprised that the other people would keep their email and work data on an internet-facing host."

Yes, and idiots putting vital systems on internet-facing hosts (or networks) are the reason that the Merkins are so concerned about their power network being hacked. Honestly, if it's not for public use, don't put it on (or immediately behind) a public network!

0
0
Megaphone

The lesson is that the key to computer security is prison

effective policing and punishment for computer criminals.

Careful coding and configuration on their own just cannot be effective enough on multipurpose computer systems; there are just too many lines of code, too many interfaces, and too many continuing changes for coding and configuration to ever be 100% effective.

Computer criminals need to be tracked down and put in jail.

I was just looking over Kevin Mitnick's bio in Wikipedia. He who lives by the sword, dies by the sword it seems.

0
0
Anonymous Coward

Define the length of "keep".

"I was actually surprised that the other people would keep their email and work data on an internet-facing host."

What does your mail server do? Shout silently into a box?

0
0
Silver badge
Coffee/keyboard

@John Dee

You, sir, owe me a new one of these.

0
0
Boffin

@Jason Togneri

The US power grid isn't on or connected to the public network. What happens is people come in to work on the isolated SAC systems, and connect their laptops to the internet over (say) a 3G card.

0
0
Paris Hilton

@Keith T

Like the security on your house, there may well be ways in, and possibly ways which you'd not considered. Regardless of that, though, you'd still lock your doors and shut your windows before you left the house, right? If we accept that criminals will always be with us, regardless of how many laws we get our governments to write, then we also need to take at least basic steps towards keeping our possessions secure.

As regards where you keep data, hackers aren't the only risk to your server. Lightning strike, fire, flood, or simple anno domini on your hard disk are a lot more likely to lose your data. So although the hacker may be the one who wiped the data in this instance, any permanent loss of data is due to a failure on *your* part.

And sure, if someone's deliberately bollixed your system, then being able to arrest them would be nice. However it's not always possible. That's not "possible" as in "practical use of time", but "possible" as in "physically able to do it". In some cases (regimes in China, Burma, Egypt or Saudi Arabia which will happily violate anyone's human rights) being unable to trace someone online is a good thing. In other cases (idiot script kiddies) it's not.

Paris, because she's got multiple online backups of her home movies and pics

0
0
Silver badge
Coffee/keyboard

@John Dee

Wow man, my coffee.

Seriously, OF COURSE stuff out there is Internet-facing these days. It's just too useful to use the open network, like using Social Security Numbers for unique id purposes.

To make stuff safe, we have VPNs, firewalls and "separate backends". Also, people who are knowledgeable in writing good code.

0
0
FAIL

Who?

What I've never understood is why someone who ripped off payphones over 20 years ago is described as "Security elite". And why pwning them is anything other than sad. It's like proving how tough you are by beating up pensioners.

0
0
FAIL

I'm so sad... not!

He is a dork anyway, but this confirms anyone can *claim* to be a security researcher, even if they have no idea about security.

0
0
Thumb Up

More need for internet security

The growing world of the world wide web is also giving fodder to malicious activities and posing security threats, for the main reason that it's very easy to keep one's identity under wraps in this virtual world. Something needs to be done on this issue to keep better control.

Samantha

www.Aafter.com

0
0
Alert

Did we just get spammed?

(AC "Samantha" @ 5:26)

Anyway, Mitnick never impressed me but he's spot on about not putting important stuff online if it doesn't need to be immediately publicly accessible. There's a reason that I use encryption for stuff I really care about and keep anything that's not trivial on offline storage. *eye roll*

0
0