RIP Kevin
The world would have been a much duller place without you.
Kevin Mitnick, probably the world's most-famous computer hacker – and subsequently writer, public speaker, and security consultant – has succumbed to pancreatic cancer. He was 59. Tributes have poured in from around the world following the announcement of his death this week. "We've lost a true pioneer of the digital world, …
Indeed. His "social engineering" and Morris's "worm" are the two defining moments which really created computer security as a topic, in the 1980's. I remember both very clearly, and both had massive impacts on the way we worked in DEC's Engineering group. It is unimaginable today how lax even big IT companies were before Mitnick and then Morris.
Interesting you mention DEC - in the late 70's I recall a PDP 11/70 running RSTS/E that had all of the priveleged programs that run at startup not only marked with temporary privileges, they could be RUN BY ANYONE. Once I found out about INIT I experimented with it and quickly learned how to bypass a login password [as long as I was already logged in]. Security CRATERS does not even come close to this basic design blunder, which should never have been set up 'that way' at a university...
It appears to be available on Amazon Prime, although I can't imagine that Kevin would disapprove of finding alternate means to access it.
Also, finding it took me about 30 seconds with Duck Duck Go. Not to condescend, but are you sure you're reading the right Web site? Maybe Ars Technica is more your speed.
I suspect he'd actively encourage pirating it, I recall seeing interviews where he was highly critical of the movie and especially the book it was based on...the book it was based on was laughably bad if I recall. It was written by Tsutomu Shimomura and from what I've heard the book reads more like Shimomuras food diary than anything else.
I'd highly recommend reading Ghost in the Wires instead.
Not to condescend, but are you sure you're reading the right Web site? Maybe Ars Technica Arsehole.com is more your style.
A fun loving pioneer has died far too young, tragically leaving a young family. What do you do? You spot the tiniest, most oblique, of opportunities to act like a supercilious, self-satisfied dick, before meeting that challenge with ease. Seriously mate, what's wrong with you?
You should know that it's usually better to keep your mouth shut and let people think you're an arse, than to open it and remove all doubt. Having read a lot by and about Kevin Mitnick, I'm pretty sure he'd be of the same opinion.
To quote Alan Partridge: "Some People!".
To quote me: "What a knob!".
I don't know a huge amount about the guy, but he was super famous in the 90s when teenage me got his first taste of internet and started hanging out with other teenage wannabe hacker dweebs. Free Kevin!
Also the mention of l0pht brings more 90s nostalgia. I used to frequently visit camneerg. It was pretty useless, but I thought it was cool.
Anyway, farewell, hackerman.
I suspect one of two causes for his cancer:
a) hereditary susceptibility
b) tobacco or recreational drug use
or less likely but possible: some kind of cancer causing retrovirus (retrovirus modifies DNA)
And, sometimes cancer starts in one place, but ends up killing you somewhere else.
Sad face 'cause nobody wants to die from 'El Cancer' ('Deadpool' reference). A plane crash, run over by a train, getting hit with lightning or a car, over quickily. Cancer often lingers and puts you through HELL.
The wiki article on that states that "Pancreatic cancer is the fifth-most-common cause of death from cancer in the United Kingdom,[17] and the third most-common in the United States", so I think it's more of a coincidence than anything else.
It's worth noting that it's not the 3rd or 5th most common cancer though. It's just incredibly deadly because of how exceedingly rare it is to pick it up before it's too late.
"In 2014, an estimated 46,000 people in the US are expected to be diagnosed with pancreatic cancer and 40,000 to die of it.[2] Although it accounts for only 2.5% of new cases, pancreatic cancer is responsible for 6% of cancer deaths each year."
My mother died of pancreatic cancer a few years ago, and in her last several years she was pretty stress-free. Others I know who have succumbed to the disease were also not what I'd consider "stressed" (at least not significantly beyond what I've experienced as the norm).
The topic of this thread is just selection bias, I think. There are quite a few famous tech figures; it's not hard to find a handful who have died of various fairly-common causes. Pancreatic cancer may be responsible for "only" on the order of 104 deaths in the US each year, but that's still a pretty big pool.
And relatively wealthy people will be more likely than the population at large to die from a cause such as pancreatic cancer, because they can afford a lifestyle and medical care that will improve their resistance to a number of other more-common pathologies. Reducing the likelihood of generally-more-common ends shifts probability mass toward the less-common, treatment-resistant ones. (As someone noted above, pancreatic is so often fatal because it's detected so late.)
Yep. Same reason why suicide is an increasingly "common" cause of death in young males: regardless of the tragic prevalence once you make automobiles safer, improve vaccination programs, workplace safety and general public health the other causes increase. Including the "evil lottery"[1] of cancer.
[1] Basically you have mutations all the time, pretty much at random. A tiny fraction of them are "cancerous" AND able to survive/evade the immune system AND able propagate in your body.
There were large numbers placed on the value of the material he "stole" from the phone companies. The large numbers were largely imaginary. But it was somewhere between sad and funny that all API documentation, operation manuals, and source code was eventually released free, when AT&T realized that the secrecy had no commercial value.
The best way to think of the corporate mind set at ATT and its owners BellSouth is in the way a thief sees the world: an image of itself. They have in my way found any and every technique to avoid repayment of refund and deposits why but to protect The Corporation. Using this as a principle of understanding if they can monetize technical data against so may "THEM" do so against The Corporation. Scott Adams worked for a telco and his work illustrates this well.
Oddly enough, the Cuckoo's Egg fuelled my fascination with auditing. It all started with a small discrepancy on a phone bill. It's not sexy, or interesting to normal folk*, but investigating the reason for small discrepancies has lead to all sorts of interesting discoveries. Fraud, sometimes.
*I freely admit to not being normal.
I work for one of the largest cybersecurity companies in the world that requires all employees to take an online security awareness course every year. The first time I got an email with a link to the course I asked the company's security bods for a confirmation that the KnowBe4 link was legitimate and safe to click. To my disappointment the vigilance didn't get me an automatic credit for the course (that was quite decent, especially the social engineering bits).
R.I.P., Kevin - your legacy lives on.
At my work we have these 'phishing simulations' where they deliberately send emails with dodgy links, to educate people. We also get regular mandatory training courses hosted by random external providers. So I report them as suspicious, I email our IT department asking if the links are safe to click, I get completely ignored and then I get told off for not doing the training in time. The phishing training works, but the process for reporting suspicious activity is completely broken.
Yeah, worked with someone who did similar, although he just checked for the "X-Phishing-Simluation" header or whatever it was the provider had injected.
As for how to flag them, most places I've been at recently have had a "report phishing" button in Outlook which reports it to the security team. For the training emails, it usually popped up a "congratulations, stay vigilant" type message for spotting it.
Same here, kind of. I work in Outsourcing Hell, and all things phone and IT are outsourced. So I get an email with "please click this link to see the status of your request", and there I'm expected to log in... And that is supposedly how it is supposed to work. Good thing I have learnt to curse quietly under my breath, or HR might get a report regarding offensive language in the workplace.
I'm in charge of information security for a mid sized company. I'm the person that sets up the test phishing campaigns, and also the person that assigns the security awareness training. We also use KnowBe4, and find them to have a great product. Having training material from Kevin himself was always a little special somehow. It's funny though, in the training videos, Kevin usually plays the unsuspecting end user.
We do the testing/training quarterly. There is increasing consensus that we should do the tests and training monthly. I think that is pushing it a little too hard, however.
I usually do this as: Training, testing, additional training if needed. KnowBe4 has the ability to assign people that fail the phishing tests campaigns to a particular group. That way I can send them through additional training. This works because the reward for passing the test is not having to sit through a bunch of additional, much longer training sessions.
We have a good mechanism for reporting suspicious email in place. End users often forward questionable email directly to me, however. I've worked hard to promote a culture of "if in doubt, please ask" when it comes to email (or any communications, really). I always respond personally, thanking the person for asking, and for their vigilance. I stress that it is never a bother for me to look at an email for someone. Whether is was a real phishing email, or a simulated one, I usually take a screen shot of the email, and highlight all of the red flags in the message when I respond. That way, even though their training worked, and they questioned the email, this can be a learning opportunity.
Another Legend passes. Another god from youngr, more innocent times.
Stephen Northcutt did an excellent dissection of Mitnick's hack against Tsuromu Shimomura's system in his 1999 book "Network Intrusion Detection" - and at that time, syn flooding and TCP hijacking was still possible. What is also worth noting, for someone who is described as not a particularly clever coder, Mitnick used routines to hide and obfusificate his source address, check the fake IP addressed he used is routable but not active, and so on.
L0pht - anther blast fro mthe past... L0pht Heavy Industries. L0phtcrack, an essential tool on every engineer's utility floppy disk. <- and I was old even then!!!
That's a terrible shame, I never knew the guy obviously only of his infamous exploits but 59 is not an age any person should pass away, proof to me that the universe really is just a scary and random place sometimes.
To lose his life to the big-C and leave a wife and young son without a father, rather than offer meaningless platitudes I'm off to make a donation to Cancer Research in Mitnick's name.
I had the opportunity to be Kevin's liaison during a corporate speaking event. That meant I got to operate the hand truck and haul around his computers. He would not let them out of his sight. To & from the stage for the rehearsal, and repeat for the live event.
My impression of meeting him personally in the context of a Vegas convention center is vastly different from the public persona he presented in later years. Out of respect for his widow & child, I will omit any details and just say he social engineered all of us until the end.
Without his antics we would not have the security awareness we have today, and many of us would not have the careers to match. Cheers!
USian TV in the off prime hours is populated by Infomercials offering cash for cancer caused by many sundry things. Now - here - we see pancreatic cancer linked to people who loomed large in the field. Just image the spokething asking if you have developed pancreatic or any other abdominal cancer after being exposed to some computer virus. Fingers hurt so time for a action against all keyboard manufacturers. This page will be referred but not shown as to the linkage that computers were the cause. Robbin, Shearim, and Lauff will represent you with the usual stipulations.