What's your number, Kevin Mitnick?

Doing this, he said, would allow employees to verify a caller was who they said they were by calling them back at the provided number. In the case of someone looking to snaffle company details over the phone, it would scare them off immediately. If the caller was legitimate, they would be happy to comply with the request.

"If people would just call people back," Mitnick told attendees at a forum hosted by vendor Citrix this morning in Sydney, "it would eliminate 80 percent of the threat".

Mitnick described how the Motorola employee who delivered him secret company source code back in his hacking days gave him a nervous moment when the call was almost lost as she put him on hold to check some details with her security manager. Ultimately, however, that attempt succeeded.

While most people naturally wanted to help others who contacted them, he said, employees needed to be taught to deny requests that could compromise security.

The reformed hacker -- currently a security consultant -- pointed out those attempting to breach company security relied upon the intelligence-gathering they did in the lead-up to an attack. One fantastic target for such information, he said, was the company's IT helpdesk.

"They're there to help," he enthused, pointing out fraudsters calling a help desk number would be able to find out what verification tokens -- such as date of birth or employee ID number -- help desk staff used to verify a caller's identity. They could then go away, do some research and come back armed and ready to breach a user's account.

While Mitnick's social engineering tips are ultimately timeless and technology-neutral, the ex-hacker is obviously keeping up with today's tech gadgets.

He pointed out one of Apple's AirPort devices (a popular wireless hub) could instantly create a wireless access port into any company's headquarters if plugged into a company network port.

"You could just put a company logo on it, with a label saying 'IT Department, do not remove'," he said. "You could be browsing the network from the parking lot."

A USB Bluetooth device would fulfil the same function if plugged into the back of an employee's PC, he said.

By Renai LeMay
ZDNet Australia
