Amused by the fact that Kevin Mitnick’s web site has been hacked into twice already since his release a few weeks ago. Of course, the fact that his host was running unpatched IIS (for chrissake!) is not revealed until the second-to-last paragraph of the story.
Mitnick is pedestalized like he’s the great hacking guru of time, space, and dimension, but the fact is he’s been stuck in a time capsule for years and has much catching up to do to grok the current state of the art. Mitnick running a security company today is like bringing Michelangelo back from the grave and asking him to set up a CPU fab. The world has changed. Hacking has changed. The tools, environment, and culture of hacking have changed tremendously. He’ll catch up, but what a lot of egg on face. Yipes.
Unpatched IIS, for chrissake.
Nice to see the hacker scum eat their own once in a while. Hopefully they’ll be caught. Hopefully they were part of the “free Kevin Mitnick” crowd. I’ll be so amused.
-Jim
Ultimately, even back in the day, Mitnick was not the world’s most technical hacker. He was a master of the con game — social engineering.
Oh come on now, Scot; hacking hasn’t changed that much. I think the Michelangelo simile is a bit extreme. In 1995, when Mitnick was finally caught, the large majority of internet servers were running UNIX systems. The same is true now. The methods of cracking UNIX hosts have not changed heavily. Crackers still rely on exploitable buffer overflows in software.
In fact, the UNIX OS model has not been changed drastically for 20+ years.
The fundamental concept of the firewall hasn’t changed. TCP/IP itself has remained relatively stagnant — the (coming) adoption of IPv6 aside.
We all know social engineering works exactly the same now as it always has.
Really — the passing of 8 years didn’t bring about some kind of massive technology overhaul that has fundamentally changed everything in the computer industry and which would perplex a visitor from the year 1995.
You’re right, Len. Pardon my hyperbole. Thanks for the post.
I guess you’re being sarcastic, but that’s ok with me.
No Len, I’m really not being sarcastic. You are right and I thank you for your post. Seriously.
But come on... IIS? On a security site? What’s up with that?
OK, I’m a llama. A llama. I really mean that, too. But using IIS in the first place? And unpatched, too? Even llamas know better.