Comments on: Dan Kaminsky & Kevin Mitnick Hacked

By: Bogwitch

Bogwitch — Tue, 11 Aug 2009 11:40:10 +0000

I’ve got to agree with Morgan on this one. By far the easiest way to get behind a firewall is to abuse the wetware – the human – behind it. Either by redirecting to a malicious site or emailing a custom trojan.

There is always the possibility to find a o-day in the firewall, where a malformed packet causes the firewall to barf and fall over in an open state, but that’s pretty unlikely, the leaks are usually from within.

Also, there is the risk of information leaking from your system via other channels, assuming it’s worth an attackers effort – Google ‘tempest’

By: Morgan Storey

Morgan Storey — Mon, 10 Aug 2009 08:04:36 +0000

@Null: there could still be an 0-day in something you are using or the easiest target you, they could simply social engineer you to go to a site that drive by downloads something that then makes a connection out to them through your pfsense firewall. Nothing is unhackable, even un connected boxes have theoretical hacks bury it in concrete or destory it if you don’t want it to leak.

By: id

id — Sat, 08 Aug 2009 21:50:29 +0000

“No one has ANY idea how long they

By: Jeff Price

Jeff Price — Wed, 05 Aug 2009 16:42:47 +0000

Is that really all that impressive? Mitnick’s strong points were Social Engineering and Buffer Overflows. Does it really surprise you? This isn’t the first time he’s been hacked. Hes even said too that there if no fool proof security, repeatedly in his books.

By: lol @ null

lol @ null — Tue, 04 Aug 2009 22:36:54 +0000

@ null
if the server does not accept connections on any ports. then no.

By: katphyte

katphyte — Tue, 04 Aug 2009 19:53:45 +0000

This just validates the fact that if you want something to stay secure, don’t ever put it on the web. And it’s more than just a little freaky when you think about the fact that the h ackers behind it probably did it just to see if they could. So what would a malicious attacker who is out for blood do?

I’ll be the first one to say that no matter how much you know, there’s someone out there who knows more. Too much confidence in yourself can make you forget that you’re really just as vulnerable as the next person.

By: null

null — Tue, 04 Aug 2009 15:39:27 +0000

can “they” hack a pfsense or openbsd router without open ports? just for web surfing, without servers listening?
this is not a chalenge, it is just a question…

By: SpiderM@N

SpiderM@N — Tue, 04 Aug 2009 14:57:02 +0000

By: Sploo

Sploo — Tue, 04 Aug 2009 05:52:45 +0000

Yes, i believe they CAN be that hidden.

By: Black of Hat

Black of Hat — Tue, 04 Aug 2009 05:26:52 +0000

So who is this Zero For Owned group? I have read two of their zines. But there seems to be a lack of information about the group itself. Surely they can’t be that well hideen underground.