Kevin Mitnick on Coast tonight

[nalmeth]

http://www.tectonic.co.za/view.php?id=839
In this article, Kevin Mitnick supposes that given the option, he would rather attack open source system's then closed source systems.

“Open source would be easier [to hack],” admits ex-hacker turned security consultant Mitnick. “It's less work.”

“You want to make that function call fail. Does it cause an exception? If it does then the programmer probably hasn't validated the input. You could supply your code in a particular manner – thus tricking the application or function into executing your own code. Hackers want to execute their own code – preferably with privileges – and then they gain control.

“On the face of it, open source software is more secure,” says Mitnick. “A lot of eyes are looking at the code. You'd think that with OSS, with more people looking at the code, you're more apt at finding security holes. But are enough people really interested?”

Is this guy really a reliable authority on this? I know about his history, but it seem's he just focuses on social engineering tricks, rather than technical expertise. What do you more technical user's think of his comments?

BTW
Kevin Mitnick is guest hosting Coast to Coast AM worldwide tonight (probably on a station in your area), his guest is Apple's Steve Wozniak.
I think it could be an interesting show.
I hope some gnuru's call in and ask some tough questions. I encourage anyone with anything to say to him or Steve Wozniak to flood the phone lines.

[ice60]

http://www.tectonic.co.za/view.php?id=839
In this article, Kevin Mitnick supposes that given the option, he would rather attack open source system's then closed source systems.
Is this guy really a reliable authority on this?

have you ever heard one of his talks? he certainly knows alot more then me about networks lol

there's a 2600 documentary and interview with him which you can download with torrent.
http://www.freedomdowntime.com/

here's one of his talks. there's other good stuff on the page too.
half way down the page -
mitnick-1.mp3 6838400
Friday Keynote: Kevin Mitnick (Part 1)
Friday 1600 Area "A"

mitnick-2.mp3 6283392
Friday Keynote: Kevin Mitnick (Part 2)
Friday 1600 Area "A"
http://audio.textfiles.com/cons/h2k4/

[htinn]

I wonder if this is his publisher's idea.

Currently he's penning an autobiography to clear up some myths about himself.

"Say something controversial so we can rake in more suckers."

[prizrak]

Kevin Mitnick is not a very good cracker, he is a great social engineer but on the technical side of things his kind of lacking. He is the best known cracker in the world, which also kinda tells you how good he is. You never hear about the good ones it's the bad ones that get caught
I wouldn't take what he says into account much. This is basically how OSS works, the source code is open to everyone to look at. It is extremely easy to find a security hole in it. At the same time there is more than one person looking, and what might be discovered by a cracker will also be discovered by a hacker, as opposed to a cracker a hacker will submit a bug report or a patch or both. OSS also has a history of very fast patch releases as soon as vulnerability is exploited it is known to all and the patch comes out extremely fast (there been cases of patches comming out literally hours after a hole was discovered). There is also the statistics of critical vulnerabilities for FOSS vs Proprietary software and FOSS usually wins.

[nalmeth]

There is also the statistics of critical vulnerabilities for FOSS vs Proprietary software and FOSS usually wins.

Not across the board though I imagine.
There must be a lot of security holes in a lot of new apps that are developed by only a few people. I know that the kernel is patched continously, which is the key-point, but would a bank use OSS in their security system's?
EDIT:
Or do they already?

[htinn]

<obvious>Security isn't just about using the right tools, it's also about finding people smart enough to use them wisely.</obvious>

[prizrak]

Not across the board though I imagine.
There must be a lot of security holes in a lot of new apps that are developed by only a few people. I know that the kernel is patched continously, which is the key-point, but would a bank use OSS in their security system's?
EDIT:
Or do they already?

Loads upon loads of firewalls and traffic balancers run Linux. I'm sure new apps have more holes but the metrics usually take speed of patching into account (well some of them). Also any application that is widespread in the OSS world will be maintained (if not developed) by alot of people since alot are using it.

[nalmeth]

My God, what an exausting interview.
To say the least, Steve Wozniak isn't the modest type.
I suppose this shouldn't be too suprising, because he is very successful, but wow.
Lame.
Kevin Mitnick was the host, and posed questions, which Wozniak would take and drag on and on and on until Mitnick had to cut him off for commercial break.
I was kind of disappointed, because Wozniak seemed to hijack the show (without Art Bell there to set him straight) and turn it into a Apple Showcase.
Lame.
Usually they have really good shows when they talk about technology, but this was just a chance for Wozniak to go on about how smart he is, his brilliant ideas, and how Mac is just the greatest thing on planet earth.
NO mention of OSS of course, even Mitnick didn't approach the subject.
Lame.
It was funny though when people would call in and ask technical questions, or ask to explain why Mac is less prone to viruses, etc. He had no idea!
Mitnick held back most of the show, but clearly was the wiser. Wozniak seemed caught in the past in his glory days.

[mips]

Mitnick is more of a social engineer than a cracker. When it comes to technical stuff i would not pay to much attention to what he says.

Like someone said, he got caught...