Re: Sure of that, AC?
I have to disagree. He has legitimate hacking credibility. Besides the early buffer-overflow research, there's his contribution to the MSCHAPv2 cryptanalysis, his security analysis of PalmOS, and so on. And l0phtcrack obviously demonstrates breadth beyond BOFs and social engineering, and it wasn't just a trivial brute-force or dictionary cracker - even early versions made use of the cryptanalysis of the LANMan hash (which, granted, is pretty obviously broken) by Mudge and Weld Pond, and had sniffing capability.
