Kevin Mitnick & Dan Kaminsky rm -rf (r00tsecurity.org)
49 points by Steve0 2976 days ago | hide | past | web | 15 comments | favorite

Kaminsky's mail spool over 5 years has been getting emailed around for months already. Poor guy. :-/

Mitnick is nothing new, and he is smart enough to keep all of his personal stuff off of his webserver. If you are a security professional who has any kind of a public name, that's just common sense. Who cares if your website gets owned? Just keep backups. What really hurts is having your personal life and the lives of those close to you exposed and spread all over the net.

The funny thing is, despite claiming to loathe the security industry, those who commit acts like this are its most effective promoters.

They only loathe the security industry because they feel that those in it are incompetent. You say "effective promoters", they would reply "promoting what? the illusion of security that security companies give?"

I think their other point makes a lot of sense: it's in the security industry's interest to keep things insecure.

Just as it's in the anti-virus companies' interest to keep the threat of people getting a virus high. If no one ever got a virus, no one would buy anti-virus software.

There will always be new software, and software is insecure by default. You don't have to avoid securing the software that already exists to guarantee that you'll still have a job in the security industry tomorrow.

Drive OpenBSD next time... rather than a head-on collision with multiple fatalities, it'll just be a small bump in the road.

Does anybody with more time or understanding of this document know how those boxes were exploited? What lessons, if any, can we learn from other people's mistakes?

Generally when people post their cute hack-logs they remove anything that would give any information as to how it happened. They aren't interested in showing off how they did it so much as that they did it. It's all part of the hacker-kiddie posturing.

I mean, who would respect you if they learned all you did was figure out that someone had a weak root password by brute forcing it?

I don't know about respect for the hacker, but I can't believe that anyone who pretends to be a security professional can get away with weak passwords if that's the case here (and presumably for astalavista).

My confidence in their ability to know their stuff drops.

Why bother with the complicated stuff when you can walk right in the front door?

"Does anybody with more time or understanding of this document know how those boxes were exploited?"

"What lessons, if any, can we learn from other people's mistakes?"

That nobody is safe, that everyone, everywhere is owned; these guys are gonna take your balls. They're gonna send one to the LA Times, one to the New York Times, press release style. Look, the people you are after are the people you depend on: we cook your meals, we haul your trash, we connect your calls, we drive your ambulances, we guard you while you sleep. Do not fuck with us.

~ skalar <skalar@autistici.org>

"Do not fuck with us."

So that's why you guys are still virgins. ;) Flaming a legitimate question does not make you friends.

I believe it was an attempt at a Fight Club reference.

I sincerely hope that's the last time I hear "lolz" on HN, too.

The firewall here does NOT like that domain. Anyway, it's a dupe: http://news.ycombinator.com/item?id=730664
