
What's your number, Kevin Mitnick?


Doing this, he said, would allow employees to verify a caller was who they said they were by calling them back at the provided number. In the case of someone looking to snaffle company details over the phone, it would scare them off immediately. If the caller was legitimate, they would be happy to comply with the request.

"If people would just call people back," Mitnick told attendees at a forum hosted by vendor Citrix this morning in Sydney, "it would eliminate 80 percent of the threat".

Mitnick described how the Motorola employee who delivered him secret company source code back in his hacking days gave him a nervous moment when the call was almost lost as she put him on hold to check some details with her security manager. Ultimately, however, that attempt succeeded.

While most people naturally wanted to help others who contacted them, he said, employees needed to be taught to deny requests that could compromise security.

The reformed hacker -- currently a security consultant -- pointed out those attempting to breach company security relied upon the intelligence-gathering they did in the lead-up to an attack. One fantastic target for such information, he said, was the company's IT helpdesk.

"They're there to help," he enthused, pointing out fraudsters calling a help desk number would be able to find out what verification tokens -- such as date of birth or employee ID number -- help desk staff used to verify a caller's identity. They could then go away, do some research and come back armed and ready to breach a user's account.

While Mitnick's social engineering tips are ultimately timeless and technology-neutral, the ex-hacker is obviously keeping up with today's tech gadgets.

He pointed out one of Apple's AirPort devices (a popular wireless hub) could instantly create a wireless access port into any company's headquarters if plugged into a company network port.

"You could just put a company logo on it, with a label saying 'IT Department, do not remove'," he said. "You could be browsing the network from the parking lot."

A USB Bluetooth device would fulfil the same function if plugged into the back of an employee's PC, he said.

By Renai LeMay
ZDNet Australia
