informa
Commentary

UPDATE: BlackHat, Kinda: 'Real' Black Hats Hack Security Experts

UPDATE: The rumor here is that the attacks did indeed happen, but the significance of it is actually quite small--not worth paying attention to, since attention is clearly what the attackers are seeking. More to come.
UPDATE: The rumor here is that the attacks did indeed happen, but the significance of it is actually quite small--not worth paying attention to, since attention is clearly what the attackers are seeking. More to come.

BlackHat, Kinda: Yesterday a hacking group released details (http://sh0dan.org/zf05.txt) of a number of successful attacks they conducted, apparently with the principal purpose of embarrassing some of the security industry's most well-known experts. The group claims that they collected about 75,000 passwords, including those of a few security experts speaking at the BlackHat Briefings today and tomorrow.

"Welcome one and all to the real Black Hat Briefings," reads the site. "Live from the underground, coming right at you free of charge."They go on to say: "This is a big one. We hacked notable whitehats Kevin Mitnick, Dan Kaminsky, and Julien Tinnes, among others. We continued the skiddie holocaust with darkmindz, elitehackers, hak5, binrev, and blackhat-forums. Along the way we created mass mayhem."

Note well: This has not yet been verified and I don't have the skills to verify it myself. I received this from a reliable source that I have every reason to trust and no reason not to, but I'll hold off on making any personal commentary until I have more details. I intend to check in with Dan Kaminsky and Jeff Moss (whom the author also mentions) and see what I can learn.

Amidst some biting criticisms (delivered in a rather juvenile tone) of well-known security experts, there is some commentary on the security industry that may be worth a bit of attention--for example the value (or lack thereof) of penetration testing.

More details, hopefully, to come.

Recommended Reading: