
What's your number, Kevin Mitnick?


Doing this, he said, would allow employees to verify a caller was who they said they were by calling them back at the provided number. In the case of someone looking to snaffle company details over the phone, it would scare them off immediately. If the caller was legitimate, they would be happy to comply with the request.

"If people would just call people back," Mitnick told attendees at a forum hosted by vendor Citrix this morning in Sydney, "it would eliminate 80 percent of the threat".

Mitnick described how the Motorola employee who delivered him secret company source code back in his hacking days gave him a nervous moment when the call was almost lost as she put him on hold to check some details with her security manager. Ultimately, however, that attempt succeeded.

While most people naturally wanted to help others who contacted them, he said, employees needed to be taught to deny requests that could compromise security.

The reformed hacker -- currently a security consultant -- pointed out that those attempting to breach company security relied upon the intelligence-gathering they did in the lead-up to an attack. One fantastic target for such information, he said, was the company's IT helpdesk.

"They're there to help," he enthused, pointing out fraudsters calling a help desk number would be able to find out what verification tokens -- such as date of birth or employee ID number -- help desk staff used to verify a caller's identity. They could then go away, do some research and come back armed and ready to breach a user's account.

While Mitnick's social engineering tips are ultimately timeless and technology-neutral, the ex-hacker is obviously keeping up with today's tech gadgets.

He pointed out one of Apple's AirPort devices (a popular wireless hub) could instantly create a wireless access port into any company's headquarters if plugged into a company network port.

"You could just put a company logo on it, with a label saying 'IT Department, do not remove'," he said. "You could be browsing the network from the parking lot."

A USB Bluetooth device would fulfil the same function if plugged into the back of an employee's PC, he said.

By Renai LeMay
ZDNet Australia
