From hol-owner Tue Mar 7 22:44:50 1995 Return-Path: owner-HOL Received: from localhost (daemon@localhost) (fnord) by nando.yak.net (8.6.5/8.6.5) id WAA25238 for hol-out31415; Tue, 7 Mar 1995 22:44:50 -0800 Received: from localhost (strick@localhost) (fnord) by nando.yak.net (8.6.5/8.6.5) id WAA25232 for hol; Tue, 7 Mar 1995 22:44:38 -0800 Received: via =-=-=-=-= from strick@nando.yak.net for hol@hungary.yak.net (hol) Received: from localhost (strick@localhost) (fnord) by nando.yak.net (8.6.5/8.6.5) with SMTP id WAA25160; Tue, 7 Mar 1995 22:43:22 -0800 Message-Id: <199503080643.WAA25160@nando.yak.net> To: HOL@hungary.yak.net cc: strick@nando.yak.net, nandotronic@versant.com Subject: Re: (HOL) Press Coverage Bloopers in the Mitnick Story In-reply-to: Your message of "Tue, 07 Mar 1995 21:33:36 +0100." Date: Tue, 07 Mar 1995 22:43:21 -0800 From: strick at The Yak Sender: owner-HOL@hungary.yak.net Precedence: bulk Reply-To: HOL@hungary.yak.net Regarding Steve Carlson's recent posts about Mitnick: Someone on the 'eniac' mailing list pointed out the depths of corporate spin-control that emerged in the wake of Mitnick. Two really blatent examples were press releases from Netcom -- congratulating themselves on their role in apprehending Mitnick -- and an amazing one from the cellular phone industry -- congratulating themselves on their security, because they caught this guy. They didn't even name Shimomura in either press release. Netcom was only involved because they were so thouroughly infiltrated by hackers -- I've heard rumors about this for months, and I suppose it goes far deeper than just Mitnick. And apparently Shimomura had to fly to Raliegh, North carolina, to show the cellular company's own security people how to trace the cellular phone calls. Cellular phones have zilch for security -- protocols like "guess a random number" usually pass for "authorization". Where's the hack in that? A lot of the bad press about Mitnick will be due to whom he chose as enemies. He hacked netcom, the well, Shimomura, and other friends of mine here and there on the net. The group that wants to be known as "the good kind of hackers" -- the people who were kind of calling a lot of the shots on the net in the past -- were his targets. So you don't get a lot of people standing up for him, or pointing out that he wasn't all that bad -- the way people stood up for Phiber Optik, for instance. (And Phiber's picture is back in a recent special issue of Scientific Americian about the Net). If they really put him in jail for a long time, that'll set a precident for lots of bogus hacker cases, too. We've seen cases where students are thrown out of school for printing out the password file. (The UNIX password file is where you find out people's email addresses. The passwords are all encrypted, so you can't use them. If you really wanted to try to decypher them, you wouldn't print them out -- you need them in electronic form for you crack program to grind on.) These bogus cases are now going to get a lot worse. Phiber only got one year in jail -- but after Mitnick, Phiber might have gotten a much worse sentance. I agree with Steve that Mitnick is far from being the dangerous type of hacker. I have accounts on both netcom and the well, so Mitnick should have my credit card numbers. Does this frighten me? Not really. Not compared to the hundreds of gas station attendants, waiters, bookstore people, airline agents, etc. that have my credit card numbers. Mitnick liked to break into the "good guy's" computers. Others want to get rich from credit card fraud. I'm having a dispute with a company in New York right now that shipped me a computer that I didn't order. These hackers like Shimomura and Mitnick and Phiber (and myself) -- we're more like journalists -- we're in it for the story, to learn how it all works, and we tend to expose the vulnerabilities honestly, rather than try to jump in at the end and take all the credit for something, or lay all the blame. But who is "the Internet's worst nightmare"? It's governments. Clueless, powerhungry politicians that will decide that they know what is best for the net, and try to regulate or order or sanatize it. When they read this recent spew of clueless articles declaring that "the internet is too difficult to use and doesn't really have any good information anyway" I wish they would believe it, and just go away and leave us alone. strick ############# # This message to HOL@hungary.yak.net # was from strick at The Yak # # To unsubscribe, send "unsubscribe" to # An announcement-only subscription (less volume) is available # at # Send mail to for more information, # or to if you need human assistance. #############