Kevin Mitnick on SECURITY, & do I agree? How about YOU??
In SOME country, people are so dumb that they give their password for a candy bar...
Can you say no, no?
Responses to this topic
Quote:"What you can find in the trash is simply amazing," said Mitnick, holding up a "souvenir" from his earlier days: a printed directory listing the name, phone number, email address, direct reports and other information about every employee in the company.
Which is why any company that cares about safeguarding its secrets shreds their data. I worked in a Message Center at an AF base for 4+ years handling classified information. ALL paper material had to be shredded with a shredder approved for destruction of classified material. Once it was shredded it was then put in a bin to be recycled or just thrown in the trash; once shredded it was safe. (No, not even the Penguin (AKA Danny DeVito) would have been able to piece that stuff back together.)
Of course all it takes is one person taking a piece of paper home with certain information... This is why you constantly remind your users, have security clearances, and punish those people who do break the rules.
Quote:Modern technology is an enabler for such attacks: if a hacker can worm his way into a conference room for just a few minutes, for example, a wireless access point can be plugged into an out-of-the-way network access point, providing an open back door into the network even when the hacker is parked outside the building.
LOL. Only if the wireless network was wide-open. If so then it deserved to be "hacked".
Quote:"We can't expect our employees to be human lie detectors,
Errr...why not? Not only for IT but for any work environment. If someone you don't know questions you or asks you something that they don't need to know for some unknown reason, it's pretty obvious THAT THEY DON'T NEED TO KNOW. It's not necessary to worry if someone is lying to you or not, it's all about NEED TO KNOW. This is #1 on security clearance, doesn't matter if you have a TS/SCI, if you don't work there or don't have any relation to the work then you don't need to know.
Gee, I wish I could go around to conferences spouting common sense information. Yes, this is common sense, people. You don't go around to every hobo on the street giving them your PIN number, do ya?
Originally posted by dosfreak:
Quote:Which is why any company that cares about safeguarding its secrets shreds their data. I worked in a Message Center at an AF base for 4+ years handling classified information. ALL paper material had to be shredded with a shredder approved for destruction of classified material. Once it was shredded it was then put in a bin to be recycled or just thrown in the trash; once shredded it was safe. (No, not even the Penguin (AKA Danny DeVito) would have been able to piece that stuff back together.)
In the past, I worked at city hall for a couple of weeks and all papers which were meant to be trashed went through a rather huge shredder. After that, the shredded papers were most likely burned.
And in the company where I am working now, they also shred all classified and not so classified papers.
Originally posted by dosfreak:
Quote:Which is why any company that cares about safeguarding its secrets shreds their data. I worked in a Message Center at an AF base for 4+ years handling classified information. ALL paper material had to be shredded with a shredder approved for destruction of classified material. Once it was shredded it was then put in a bin to be recycled or just thrown in the trash; once shredded it was safe. (No, not even the Penguin (AKA Danny DeVito) would have been able to piece that stuff back together.)
That reminded me of this huge shredder we had in Norfolk, VA. You could put the entire "burn bag" on this conveyor belt and this machine would shred the entire bag. This thing didn't care. One particular requirement to work with this beast was a breathing mask. The paper got shredded to the point of dust. You could literally fling the shredded paper in the air, and watch it float down.
Originally posted by dosfreak:
Quote:
Quote:Modern technology is an enabler for such attacks: if a hacker can worm his way into a conference room for just a few minutes, for example, a wireless access point can be plugged into an out-of-the-way network access point, providing an open back door into the network even when the hacker is parked outside the building.
LOL. Only if the wireless network was wide-open. If so then it deserved to be "hacked".
Actually what I think he was saying is that all a hacker would have to do is enter the building for just a few minutes and plug in his own WAP on an out of the way network port. Having read the book Mitnick put out around two years ago you quickly figure out what he is all about. He's all about the social aspect of security - not the tech aspect of it. In my opinion both aspects are just as important as either can lead to a penetration of security.
Quote:Gee, I wish I could go around to conferences spouting common sense information. Yes, this is common sense, people. You don't go around to every hobo on the street giving them your PIN number, do ya?
I'd like to join you. Some people are just inherently trusting and despite the risk they just don't and perhaps never will get it. Sad but true.
That's the point. There shouldn't be an open network port. In a properly secured network all unused ports are shut down and those in use, use port security. Obviously shutting down unused network ports is a tedious task and requires some work, which sadly is why a lot of networks are left open to attack.
Laziness is the mind killer unfortunately. heh.