Comments on: Kevin Mitnick Web site hacked

Famed security consultant has tables turned on him when a hacker attacks his site, posts a vulgar message.

Add a Comment (Log in or register) (32 Comments)

My Name Is Earl

by Sparky672 August 21, 2006 7:55 PM PDT

...is a sitcom about "karma".

pretty funny too.

Like this Reply to this comment

Payback's a bitch
by August 22, 2006 7:12 AM PDT: This will keep me smiling all day :-); Like this

Here we go again

by Jackson Cracker August 21, 2006 9:12 PM PDT

Despite all the myths, Mitnick was not a hacker.

Like this Reply to this comment

Hacking
by 8ball629 August 21, 2006 11:26 PM PDT: Social engineering is a form of hacking.

He did exploit software vulnerabilities as well.; Like this View reply Hide reply
Processing

Hahahha
by RoboStone August 22, 2006 2:30 AM PDT: This is just getting here now? I remember someone posting it on a IRC channel I go to a day or two ago.; Like this Reply to this comment

Hahahha
by RoboStone August 22, 2006 2:31 AM PDT: This is just getting here now? I remember someone posting it on a IRC channel I go to a day or two ago.; Like this Reply to this comment

being stealth looking around and exploring?

by n3td3v August 22, 2006 6:36 AM PDT

kevin, you're one of the most unstealth, hence why everyone knows about you and you were behind bars.

you talk about attention seeking, but thats all you've done since you came out of jail.

there are bigger hackers around who are a lot more knowledged than you, that you have never heard of/ and never appear in public.

those guys are the real stealth and exploring folks, you're just going to be remembered in the underground as, the guy who got caught and milked your name for all its worth afterwards.

i've read your books, they don't talk about techniques that weren't already known about in the underground.

sure for academic folks you'll be giving them something they don't know about, but the homegrown hackers in the underground don't see you as anything special, apart from stupidly well known, because of media hype over the buzzwords "hacker", "fbi", "caught", "released", ""book"... thanks.

as for the defacement of your web site, its pretty funny that while you claim it wasn't your fault and your hosting company was insecure.

surely such a good hacker come security consultant would have picked a good company to host your website, since you're a *cough* expert and know which companies offer the best hosting in terms of security.

you can't scape goat all the blame towards others... and you say there was no sensitive information stored on your account, well they weren't looking for sensitive information were they? as far as the attackers are concerned, they hacked your web site in the knowledge they wanted to deface your site, and thats what they done. they didn't go damn, theres no sensitive infomration here, we'll just go for second best. no they went into the server with the intention to deface it, and thats exactly what they did... mission completed.

and you say being stealth looking around and exploring, but thats exactly what your attackers did. yes they left a defacement, but they still looked around and explored, and as far as i know, they haven't been caught, so it looks like they were stealth too.

enjoy milking out the rest of your post jail career...

i speak to mark seiden everyday, i believe you know each other ;)

peace

Like this Reply to this comment

So stop Feeding
by aabcdefghij987654321 August 22, 2006 6:58 AM PDT: Jesus H Christ SHUT UP. n3td3v you suck, your group sucks, and your posts suck. We are tired of you on FD, were tired of you ANYWHERE you go...You've got a lot of chutzpah demeaning Kevin, when you are just a pale imitation, just not as successful..; Like this View reply Hide reply
Processing


by deepthawt March 21, 2009 12:32 PM PDT: Gotta side with n3td3v on this, he as he makes a valid argument. An expert that knows which companies offer the best hosting in terms of security. LMFAO!

Kevin said he didn't have time to administer his own website, so why host out your firm to a third party server that could find itself in this embarrassing position?

Sorry, just an observational note as I thought hackers where supposed to stay on top of their game and why do people always whine and ***** about security after the event. If they took reasonable precautions before the event and stayed on top of the game, then surely they wouldn't find themselves getting pwned it would be the other way around!; Like this


by W3bWarl0cK April 7, 2009 11:18 PM PDT: I'm with aabcdefghij987654321 on this I'm afraid...
Although I don't know anything about n3td3v, his post does sound more to me like a pointless rant from a jealous under-achiever... The kind of thing Robin would say to Batman (if you'll excuse the analogy).
n3td3v, you seem to be missing a crucial point, and I recommend you go back and read the article again.

Kevin said "When you're with Web hosting companies, your security is as good as theirs. You just have to live with that," and then followed on saying "They do a good job. I don't think they're insecure,"

Even professionals in the area of IT security like him have standards as to what they believe "secure" to be. And if he believes that the box where his site is hosted is secure then (even if it isn't) is his issue to worry about. As for his so-called fame, name one other hacker that is as well known as him, or got given a worse sentence when they got caught. I know of only one, but the name escapes me right now.

If, at the moment, you're thinking that being well known isn't the point, I have to say I agree with you, but think about that cracker that's going to break into the Pentagon's systems one day, who is he going to tell? He'll sit for the remainder of his life keeping that secret to himself because a) he'd be a fool to tell anyone, and b) if he is stupid enough to tell someone, they'll never believe him.

Kevin Mitnick was arrested by the FBI and sentenced to 5 years in prison. He can go out and (should he choose to) tell the world "look at me, check what I did... I am the ****!!" and everyone's going to believe him for the simple fact that he got arrested for it. Stealth is all well and good, but at the end of the day, what indeed, is the point?; Like this


by skullaria-2009 July 14, 2009 10:58 PM PDT: I think n3td3v's comment is very insightful and well thought out.; Like this

Favorite Quote
by thedreaming August 22, 2006 8:54 AM PDT: "There's always a bigger fish" If you know where they quote comes from you probably live in a basement somewhere collecting pictures of Sarah Michelle Gellar....<insert evil smile here>; Like this Reply to this comment

Useless

by rxbbx August 22, 2006 10:28 AM PDT

Useless to do.. perhaps promotional stunt from himself :)

Like this Reply to this comment


by W3bWarl0cK April 7, 2009 11:21 PM PDT: Or not.

Forget for a minute that defacing a website is pretty juvenile, being able to go onto Enet and say "I defaced the great Kevin Mitnick's website. He's supposed to be this security expert and I got through" could get script kiddies a decent amount of notoriety... Especially if they got in through a hole in another website's security...; Like this

Nice Try At Spin Kevin

by crescentdave August 22, 2006 9:35 PM PDT

Fact is, someone defacing a so-called security expert's websites is rather pointed and significant. What's even more significant is Kevin uses frontpage extensions ... talk about using insecure technology.

Oh well, charge away Kevin! Hoover those gullible fear dollars.

Like this Reply to this comment

Try reading as a hobby
by Ken Reader August 22, 2006 10:49 PM PDT: There were no front page extension involved in this defacement. That was years ago when Defensive Thinking was defaced while sitting on a Windows host. He wasn't even able to use computer then and some supporters had set up the site with misconfigured frontpage extensions on a shared host.; Like this

Try reading as a hobby
by Ken Reader August 22, 2006 10:50 PM PDT: There were no front page extension involved in this defacement. That was years ago when Defensive Thinking was defaced while sitting on a Windows host. He wasn't even able to use computer then and some supporters had set up the site with misconfigured frontpage extensions on a shared host.; Like this

Hackers are prone to attacks too!

by wbenton August 23, 2006 8:22 AM PDT

What is it about a hacker that many people think makes them immune to attacks?

It only goes to show that even hackers can be hacked.

Kevin is just as human as you and I... even though he's much more aware of hacking than many, one slip up, one miss, one guard let down and even hackers can be hacked.

Bottom Line: He's human and there is no such thing as an totally unhackable system! Combined they only create a double-weakness!

Walt

Like this Reply to this comment

Hackers are prone to attacks too!
by kFuQ August 23, 2006 8:44 AM PDT: kevin didn't get hacked.. his hosting provider did.. get your story str8; Like this


by W3bWarl0cK April 7, 2009 11:24 PM PDT: Regardless of who gets hacked, nobody will ever be 100% secure. The fact remains that technology is always changing, closing old security holes only to open new ones that diligent crackers will find and exploit.

For all of you guys who would like a little education into IT Security and insight into how the minds of black-hat hackers work, I recommend you get a copy of Hacking for Dummies...; Like this

Stupid
by intel17 August 27, 2006 7:12 AM PDT: What was the point? A wast of time.; Like this Reply to this comment

Stupid

by intel17 August 27, 2006 7:13 AM PDT

What was the point? A waste of time.

Like this Reply to this comment


by deepthawt March 21, 2009 12:46 PM PDT: I think the point is, no one is infallible, self styled security experts can still get caught out by the bad guy's, if your going to host a company that offers security solutions, then shouldn't you stay current with the security trends and know what is exploitable and what is not?; Like this


by deepthawt March 21, 2009 1:13 PM PDT: The biggest problem that I can see on the internet, is their are thousands and thousands of site's that just do not keep up to date with the security news. Mostly because the people that manage or administrate these sites are just to bone idle or lazy to be bothered to upgrade to the latest secure version of the software.

Needless to say with such weak security being demonstrated by sites across the globe connected 24/7 to an online environment filled with Script Kiddies and hardened criminal hackers.

Where do people seriously think all the Spam & Virus problems are coming from?

It's coming from their own servers because they're too lazy to do something about it beforehand!; Like this Reply to this comment


by deepthawt March 21, 2009 1:42 PM PDT: How meny site's allow remote access to their mainframes via SSH? And then in contrast how meny of those site administrators then bother to set root login = no?

We're talking good security practices here, its not rocket science, the only people that should be allowed remote access, into machines should be people that have sat through a security briefing about why they will be given passwords that look: LiK3th15ssHd not passwords that: looklikethis

People just ignore good security practices and then worry about them after they find a breach, that is just unacceptable, because once you have hackers in, you may find its very hard to get the hackers out!; Like this Reply to this comment


by skullaria-2009 July 14, 2009 10:39 PM PDT: As a professional penetration tester, the well respected international firm I worked with hosted our OWN web server. We never considered anything else. Why would we? We had the skill to do it and do it well.; Like this Reply to this comment