Contributed by marco on from the OpenBSD-on-the-radio dept.
An mp3 excerpt is available of this quite ridiculous and hilarious interview.
This story was edited by the original poster since he didn't do his homework.
(Comments are closed)
OpenBSD Journal
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]
By Anonymous Coward (70.27.15.123) on
Comments
By Erik Carlseen (68.6.193.220) on
Comments
By Anonymous Coward (70.27.15.123) on
Comments
By Erik Carlseen (68.6.193.220) on
Comments
By Anonymous Coward (70.27.15.123) on
Comments
By Anonymous Coward (70.27.15.123) on
Comments
By Anonymous Coward (202.45.99.9) on
By Anonymous Coward (202.45.99.9) on
By Anonymous Coward (202.45.99.9) on
Comments
By lars (203.65.245.7) on
By Shane J Pearson (202.45.125.5) on
Yes but there are limits to how much you can protect people and your company from themselves. Just recently I downloaded a beta firmware from a vendor website. My intentions being merely to read the release details text file to see what's happening in the development of this particular device. Up to this point, the company was obviously trying to keep the telnet password away from the customers, because there are dials accessible which, when tweaked by the ignorant, can damage the device configuration. Anyway the latest text file detailing the changes has the telnet root password left in it and lots of technical details which they obviously forgot to sanitize down to a bare minimum like they usually do.
I found it an interesting read and tinkering around inside the CLI as root was interesting too. I informed them of this and got a "thank you for the feedback" type email, yet a week or two later the file remains with the root password there.
They have stated before that they don't want customers playing in the CLI, the password could never be found in any doco or on the web and yet it only took ONE person to screw up. So I'm guessing that when that beta firmware "goes gold" it will also be with an updated password. BTW, the password was terrible. I probably could have guessed it if I had been determined, as it was a combination of brand name and model number with some substituted characters, like o for a zero.
So yes, the person factor will always be there, but you can't protect completely against it.
By Anonymous Coward (80.255.160.94) on
Comments
By Jace (12.199.169.62) on
Comments
By tedu (71.139.175.127) on
Comments
By Anonymous Coward (84.188.255.36) on
I think such commerce-crap shouldn't get noticed at the undeadly-news if nobody puts the mp3 free available somewhere (a place where people without an account can get it...)
I don't see any free link there. All seems to be commercial and that is totally fucked up.
Comments
By Anonymous Coward (67.64.89.177) on
Comments
By Anonymous Coward (84.188.255.36) on
Comments
By Nate (67.70.139.211) on
Comments
By Anonymous Coward (69.70.207.240) on
Comments
By Nate (65.95.125.69) on
By Gamera (86.193.154.145) on
And then things about him using it a lot.
That tells you a lot about the guy.
By Anonymous Coward (68.106.232.57) on
Comments
By Anonymous Coward (69.70.207.240) on
Comments
By GeekMan (145.99.249.60) on
By Me (203.10.110.131) on
really... ah ah ah... it's ah... ah it's a BSD Berkeley, but um it's a
UNIX variant" - Kevin Mitnick, Computing and Social Engineering expert.
Comments
By Anonymous Coward (156.34.223.129) on
My only problem with Kevin Mitnick is that I've never seen any evidence he is a 'computer security expert' (years ago perhaps, by the standards of the day) -- perhaps a 'security expert' is less of a stretch. He should be more upfront about this fact.
Comments
By Anonymous Coward (212.254.168.247) on
Having partially read his book, I would say he certainly knew a lot about telco's and 80's/90's computer systems. Whether that is still relevant is open, however, his social engineering work was brilliant if nothing else and outed the crap policies which are still in use at major corporations today.
Comments
By Anonymous Coward (194.145.162.162) on
Comments
By Anonymous Coward (70.124.65.113) on
But he's just a "felon", right? That's the kind of thinking that has now brought us secret prisons and torture facilities.
Comments
By Anonymous Coward (128.171.90.200) on
Call me un-American but I think being held in prison for four months let alone four years without trial to be a basic abuse of human rights.
By Anonymous Coward (202.45.99.9) on
Comments
By Shane J Pearson (202.45.125.5) on
The question is regarding OpenBSD and OpenBSD deserves the sentences required to describe it and make sure the distinction is known. If someone asked me what OpenBSD was:
* An operating system is the glue software between the hardware, applications and users.
* UNIX is an operating system designed to allow multiple users to use a computer at the same time, often with different applications, which started life at the Bell Telephone Labs in the 60's. It was licensed to the University of California Berkeley for development, some of which helped to devise the foundation networking protocols used on the internet today. Eventually the licensing became free of monetary costs, given a very free licence for use and then was modified for use on cheap computers which were within the reach of the public.
* OpenBSD is a modern evolution of that software, which strives for local and network security and correctness of program code, among other things. Efforts which have shown OpenBSD to be one of, if not the most secure network operating system in the World, yet it is still offered free of charge and can be downloaded from the Internet for any particular computer type at around 150MB or less, depending on your computer type and what you need.
* OpenBSD is often compared with Linux and even mistaken as being a flavour of Linux. However although they seem similar both being UNIX like operating systems, they are very much distinct from each other in many ways, even besides the fact that they are completely different code bases. OpenBSD is developed as a complete system by the same dedicated developers. Linux on the other hand is a mostly useless operating system kernel by itself. It is developed separately to the many other software components which make up a complete usable Linux system. Various people and companies then put these components together the best way they see fit in their own distribution. As a result the quality of the multitude of Linux distributions available can vary a great deal, whereas OpenBSD has a very polished complete and consistent feel about it.
* OpenBSD also only allows source code to be included in the default system and not unknown 3rd party binaries which could corrupt stability or security. Relying on 3rd parties is a great way to find yourself at the mercy of those 3rd parties when they suddenly lose interest or worse still honest intentions. Even then where possible, the source code must be licensed under something as liberal as the truly free BSD licence and certainly not the restrictive GPL licence which accompanies much Linux and GNU software. The complete source code to OpenBSD is also of course available to anyone.
How hard was that? That takes me a bit over 2 minutes to read out loud at a leisurely pace. Anyone with a vague understanding could pay OpenBSD the respect it deserves. Saying something like "OpenBSD is a Linux variant, well not really, it's a BSD, but it's like Linux", is just a cop out.
Comments
By Anonymous Coward (193.63.217.208) on
1) Think you are talking about nuts
or
2) Think you *are* nuts
or
3) Start wondering when their favourite jingle will be played next
I won't defend Mitnick at all but he did talk on the same level as the audience is listening (Yes, I do think that radio audiences are usually hazy and uncertain about computers). Even your effort to dumb down OpenBSD still uses plenty of terms the radio audience doesn't get or care about.
Comments
By Shane J Pearson (202.45.125.5) on
You mean the 95% who were not ever going to try OpenBSD anyway?
You start talking about kernels
And of course the presenter would not query me at all about any specifics, right? Cause these tend to be one way conversations? Get serious. Giving this level of detail will be useful to some listeners. Giving very little detail will be of little use to everyone. There is nothing wrong with using terms that are new to people. It will provoke discussion and some into looking further into those terms and issues.
In reality, "Linux" is about as meaningful to those types as "kernel" in the OS context is. They might think they know what Linux is, but in reality, they don't. At least making the distinction will be thought provoking for those that would care. For those that don't care? Who cares.
Comments
By Anonymous Coward (131.104.175.17) on
Comments
By Anonymous Coward (202.45.125.5) on
I'm well aware of the fact that almost all forms of spectator entertainment around us are really about getting eyes and ears onto advertisements to get products into people's heads.
But if I am the person being interviewed on a radio station, I am not the advertiser and the advertiser is not paying me. If I'm asked about something like OpenBSD, I'll answer honestly as *I* see fit. If the advertiser and radio station does not like it, too bad, they'll have to deal with that in whatever way they can. A difficult task if it is a truly live show. But I think the truth is much more interesting than saying, "Oh this system you know nothing about is just like this other system you know nothing about".
Anyway, enough of this. I just think OpenBSD deserves a lot more than to just be placed into the "oh it's like Linux" category.
By Anonymous Coward (82.53.168.117) on
Pathetic!
Comments
By squeege (192.139.71.69) on
Mitnick has admitted himself that he is no computer guru, that his most notable exploits were achieved through social engineering.
That being said, he does have some idea of how a computer works; he was remotely breaking into Unix systems in the mid-90's.
The exploit that landed him jail time is well documented, and I would dare say it's sophisticated enough for him to qualify as a cracker. See links below:
How Mitnick Hacked Tsutomu Shimomura with an IP Sequence Attack (by Tsutomu Shimomura)
The Kevin Mitnick/Tsutomu Shimomura affair (Compiled by Chris Gulker)
Now, that's out of the way, so let me step on my soap-box:
You know, on the whole, I think the OpenBSD community is mature, well-intended and well-spoken; but when I see ridiculous posts (like some of those above) that totally bash someone based on opinion rather than fact, it's really disappointing.
The whole BSD is better than Linux diatribe, spelling it "Windoze" or "WinDOS", name-calling and all other juvenile / reactionary garbage seen on forums and mailing lists is totally counter-productive. You totally lose credibility when you stoop to that level.
I, and many IT professionals I know, just stop reading a post when things degenerate to that point... so ask yourself: what are you accomplishing if no one is taking you seriously?
Comments
By Anonymous Coward (143.166.226.19) on
Comments
By squeege (69.28.228.218) on
Imagine how people feel when they are personally attacked and called names for not sharing the same point of view on a topic; or when others have to wade through a bunch of immature bitching, rather than read intelligent and respectful exchanges of thoughts/opinions between people...
As for Mitnick's skills, it's all a matter of perspective; yes, by today's standard he might qualify as a script-kiddie - as with anything, computer security has evolved and gotten more sophisticated, so it's all relative.
By Anonymous Coward (70.27.15.123) on
Nobody is doing that. Maybe you should keep your bizarre mental problems to yourself? We really don't need to know about every random thing that comes into your head.
"I, and many IT professionals I know, just stop reading a post when things degenerate to that point... so ask yourself: what are you accomplishing if no one is taking you seriously?"
Well, it would accomplish making people like yourself stop reading, which is good. Hopefully you'll stop writing too. "boo hoo, I am a self important douche that thinks he's the only IT professional on the planet, and I can't handle seeing people prefer BSD to linux", get a grip. Lots of people are IT professionals, and lots of us make fun of retards like you for being annoying, whiney, pompous jackoffs.
Downloading and running exploit code doesn't make someone a cracker, it makes them a script kiddy. Mitnick relies on the misconceptions about his abilities to make money running nessus against people's systems.
Comments
By squeege (69.28.228.218) on
Have you actually bothered to read the whole thread? Or really listen to the Mitnick clip? Or visit the links I provided? (Doesn't look like it.)
Some people in posts above are blowing things out of proportion about Mitnick's slip of the tongue; others are going nuts over OpenBSD being lumped together with Linux. (Even though he caught his slip and corrected himself immediately and accurately.)
My point is that we don't need to resort to all this flaming over a harmless comment; what is it accomplishing?
You think Mitnick is a script-kiddie? Good for you. The SANS institute seems to disagree with you; but hey, what do some of the top people in the InfoSec field know about it?
No matter his level of technical savvy, he managed several notable exploits. Whether that is through social engineering or other methods, he got it done.
If you're such an expert on Mitnick - why don't you write a book to discredit him. Throw in a chapter on my mental problems while you're at it...
P.S. Did you notice I didn't need to do any name calling to answer your post?
Best regards,
Squeege
By Anonymous Coward (68.104.17.51) on
Comments
By Anonymous Coward (202.6.138.33) on
Who uses ubuntu in a multiuser environment? Go on, name one organisation.
Comments
By Anonymous Coward (68.104.17.51) on
Comments
By Anonymous Coward (202.6.138.33) on
More often than not Ubuntu users don't know anything at all about the OS.
By squeege (69.28.228.218) on
Trust me, if I had the choice, I would exclusively use OpenBSD; the reality is that what OpenBSD does, it does great - but it can't do everything I need to get my work done.
If OpenBSD had all the hacking tools, or a live CD like Auditor, Pentoo, WHAX, etc. I would not bother with Linux.
Why some people have to turn a matter of preference into a pointless shouting match is what I have a problem with.
There's nothing wrong with discussing these matters - but within the confines of respect; there's no good reason it has to degenerate into name calling.
By Anonymous Coward (67.95.137.210) on
Comments
By Anonymous Coward (70.27.15.123) on
By Alan DeWitt (70.58.207.244) on
To all those folks here dismissing Mitnick as *just* a con artist, I would like to remind you that if a con artist is attacking your system your OS is irrelevant. OpenBSD may be highly resistant to technical attack, but technical safeguards are just one part of the security model. Con artists are likely to be the biggest threat to your system's privacy and integrity. Don't get complacent.
Comments
By Anonymous Coward (70.27.15.123) on
Comments
By Alan DeWitt (70.58.207.244) on
By Tyler Mace (24.208.119.74) on
Comments
By Anonymous Coward (82.53.168.117) on
Comments
By Amir Mesry (66.23.227.241) on
Comments
By Anonymous Coward (67.64.89.177) on
Comments
By sparky (68.148.192.129) sparky@stinkys.ca on
Comments
By Anonymous Coward (67.64.89.177) on
Comments
By Amir Mesry (66.23.227.241) on
By Ryan Russell (64.81.246.227) ryan@thievco.com on
Comments
By Anonymous Coward (130.179.16.26) on
I would like to know what his (Mitnick's) opinion is of the operating system OpenBSD.
Mitnick's response:
Well I actually use OpenBSD, so I do like it.
Then he goes on to say that OpenBSD is a Linux variant, but he corrects himself and says that it's a BSD.
He mentions that it has been developed with secure coding practices and that the OS is much more secure than the standard UNIX.
Then Art Bell mentions that a lot of people who are really into computers really love that operating system (OpenBSD).
The caller was just asking a question (not baiting). If Mitnick would have answered "What is OpenBSD?" then I agree that this would have been ridiculous and hilarious.
He knows about OpenBSD, he uses it, and likes it.
Most of the 4.5 million (EST. Wired, Feb 2006) listeners at two in the morning will probably never hear of OpenBSD again.
Maybe Mitnick knows security, maybe he doesn't. His interview (and the one he did on the show a while back) speaks of basic security measures for Windows (which is what his target audience is using). If his audience were of the CanSecWest type, then maybe we would see what he really knows.
Comments
By Anonymous Coward (67.64.89.177) on
By Jonas (85.226.192.15) on
Comments
By Anonymous Coward (67.64.89.177) on
By Anonymous Coward (63.19.147.223) on
By Roman (169.200.215.17) on
Comments
By Anonymous Coward (221.254.245.147) on