Fwd: Dan Kaminsky
William Allen Simpson
william.allen.simpson at gmail.com
Thu Jul 30 23:42:50 UTC 2009
Valdis.Kletnieks at vt.edu wrote:
> ... Mitnick came out and *said* that he knew the site was insecure, but
> since no sensitive data was on there, it didn't matter. Presumably the
> site's monthly cost, convenience, user-interface, and so on, outweigh the
> effort of occasionally having to recover after some idiot whizzes all over
> the site.
> Now, if they had managed to whack a site that Mitnick and Kaminsky *cared*
> about, it would be a different story...
Remembering those ancient days, it always seemed to me that was Mitnick's
usual series of excuses (as in: he was a scapegoat, nobody was physically
hurt, their cleanup cost estimates were inflated, et cetera ad nauseam).
This just seems like more of the same.
I'm not a big fan of throw them in prison and throw away the key, but the
fact that his prison sentences (plural) and restitution were so lenient is
certainly a factor in the difficulty of convincing LE to take investigation
and prosecution seriously.
Security consultants that don't practice secure computing on their own
sites aren't much more than flacks for hire.
Anyway, most of the reading was pretty boring and badly formatted, but it
still put a bit of a knot in my intestines....
Are we paying enough attention to securing our systems?