Kevin Mitnick & Dan Kaminsky rm -rf - Steve0
http://r00tsecurity.org/files/zf05.txt

======
tsally
Kaminsky's mail spool over 5 years has been getting emailed around for months
already. Poor guy. :-/

Mitnick is nothing new, and he is smart enough to keep all of his personal
stuff off of his webserver. If you are a security professional who has any
kind of a public name, that's just common sense. Who cares if your website
gets owned? Just keep backups. What really hurts is having your personal life
and the lives of those close to you exposed and spread all over the net.

------
Dilpil
The funny thing is, despite claiming to loathe the security industry, those
who commit acts like this are its most effective promoters.

~~~
Seiwynd
They only loathe the security industry because they feel that those in it are
incompetent. You say "effective promoters", they would reply "promoting what?
the illusion of security that security companies give?"

~~~
axod
I think their other point makes a lot of sense: it's in the security
industry's interest to keep things _insecure_.

Just as it's in the anti-virus companies' interest to keep the threat of people
getting a virus high. If no one ever got a virus, no one would buy anti-virus
software.

~~~
derefr
There will always be new software, and software is insecure by default. You
don't have to avoid securing the software that already exists to guarantee
that you'll still have a job in the security industry tomorrow.

------
0wned
Drive OpenBSD next time... rather than a head-on collision with multiple
fatalities, it'll just be a small bump in the road.

------
jf
Does anybody with more time or understanding of this document know how those
boxes were exploited? What lessons, if any, can we learn from other people's
mistakes?

~~~
Periodic
Generally when people post their cute hack-logs they remove anything that
would give any information as to how it happened. They aren't interested in
showing off how they did it so much as that they did it. It's all part of the
hacker-kiddie posturing.

I mean, who would respect you if they learned all you did was figure out that
someone had a weak root password by brute forcing it?

~~~
redcap
I don't know about respect for the hacker, but I can't believe that anyone who
pretends to be a security professional can get away with weak passwords if
that's the case here (and presumably for astalavista).

My confidence in their ability to know their stuff drops.

------
eli
The firewall here does NOT like that domain. Anyway, it's a dupe:
<http://news.ycombinator.com/item?id=730664>