Mitnick In The News
Tips from a super hacker
Jun 1, 2016 - PCWORLDVN, by Yoke
Kevin Mitnick, a hacker well known since the 1990s, shares tips that can help you use your smartphone and laptop safely.
Anyone interested in technology, and network security in particular, will know of Kevin Mitnick, the hacker who gave the FBI and many government agencies headaches from the 1970s to the 1990s. If the name is unfamiliar, you can read the book he wrote, Ghost in the Wires. Since his release from prison he has worked as a security consultant, and he has always tried to help users understand the importance and risks of network security. Mitnick always stresses phishing attacks that exploit users' habits, which the tech world calls social engineering and which the security world talks about less. He also focuses on demonstrating the vulnerabilities users commonly encounter, so that they realize the seriousness of the problem.
He is currently working on a new book, The Art of Invisibility, which shows users how to protect their online privacy in a world full of pitfalls and Internet security vulnerabilities. In this article he also shares with the press some simple tips for keeping mobile devices safe.
Mitnick specializes in making users think about things they have never considered before. For example, someone who wants privacy should buy a phone with no contract with a service provider, or buy a laptop in a way that does not identify them. But he pointed out that even with such a "low-key" device there are cases where you reveal yourself and can be tracked, for example if you use the phone to call an Uber.
At KnowBe4, where Mitnick holds the title of Chief Hacking Officer, he helps businesses prevent and deal with cyber attacks, including the most dangerous and troublesome kind: phishing. This is a non-technical (social engineering) attack that tricks someone into believing that an email or message comes from a trusted source, such as an email from PayPal or from an acquaintance. Once users believe the message is genuine, they may open an application, download a file, reply with a password or personal information, or go to a site that contains malicious code.
Mitnick explained that attacking users psychologically is easier than attacking a computer, because a computer operates according to fixed patterns and is not swayed by other influences, such as feelings, the way humans are.
Mitnick said that "people are generally lazy", and hackers exploit this to the full. Even at the RSA security conference, he only needs to watch the attending experts unlock their phones to be able to say that most of them use a 4-digit unlock code rather than a long password. For a hacker, a simple 4-digit password is hardly difficult to crack.
The best defense against phishing is not antivirus software or a firewall, but the user's awareness.
You might think it would be safer to use a phone with built-in security features, such as the Blackphone 2 or the Turing. However, an old iPhone is safe if its user has the awareness and sensitivity to tell fraudulent behaviour from the truth. Awareness matters more than equipment.
For example, Mitnick uses a long alphanumeric passcode (the password for a mobile device) instead of a 4-digit one on his iPhone. And when he restarts the device, it will not let him use Touch ID to unlock it (after a restart, iOS allows the device to be opened only with the passcode). In the US, a court can force you to unlock a device with your fingerprint, but it cannot force you to disclose your passcode.
Mitnick likes the iPhone because most attacks target phones running Android. But he also reminds users that no device is absolutely 100% safe.
Laptops and desktop computers
Mitnick told the press how he secured his mother's computer by taking advantage of Apple's code-signing model. He said his mother used to call him every week to ask him to fix her Windows PC because it was constantly infected, and each week the job was usually to set Windows up again. So he bought her an iMac and installed an antivirus tool. And then he locked the iMac down.
In Security & Privacy on OS X, at the bottom of the "General" tab, there is a section marked "Allow apps downloaded from". The default setting is "Mac App Store and identified developers". On his mother's Mac, Mitnick changed the setting to "Mac App Store", meaning she can only download applications from Apple's App Store, which Apple has vetted.
Mitnick said the default setting is very unsafe, because it costs only about $100 to become an Apple developer. Simply by switching to the new setting, he solved the malware problem. But he noted that even this simple solution cannot protect you from the NSA (the US National Security Agency) or from a smart, highly skilled hacker.
USB storage and other attacks
Mitnick regards his technical demonstrations of computer attacks and his talks at security conferences around the world as an art form. For example, at this year's CeBIT exhibition in Germany he performed several attacks, including a very simple one: merely by plugging a USB storage device into a computer, a hacker can take control of the entire system, including the ability to activate and monitor the camera and microphone and launch any program. In this attack, the USB device tricks the computer into treating it as a keyboard rather than a storage device. This lets the hacker inject keystrokes, which means the hacker can do anything on the device that can be done from the keyboard.
Mitnick demonstrates this attack because "people think USB is always safe, because they have disabled autorun on their computer." He wants the public to realize that USB devices are not harmless.
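A defender can look for the condition this demonstration depends on: a device that enumerates with a keyboard interface when no keyboard was expected. The check below is an added example, not part of the original article; the device inventory and the allowlist are constructed sample data shaped like Linux sysfs attributes.

```python
# Added example: flag USB devices that enumerate as a keyboard.
# Class codes are from the USB specification: 0x03 = HID, 0x08 = mass storage;
# HID interface protocol 0x01 = keyboard (boot interface).
HID, MASS_STORAGE = 0x03, 0x08
KEYBOARD_PROTOCOL = 0x01

# Constructed inventory; every value here is invented for illustration.
# Each interface is (bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol).
SAMPLE_DEVICES = [
    {"idVendor": "1111", "idProduct": "0001", "product": "Desk Keyboard",
     "interfaces": [("03", "01", "01")]},
    {"idVendor": "2222", "idProduct": "0002", "product": "Flash Drive",
     "interfaces": [("08", "06", "50")]},
    {"idVendor": "3333", "idProduct": "0003", "product": "Flash Drive",
     "interfaces": [("08", "06", "50"), ("03", "01", "01")]},
    {"idVendor": "4444", "idProduct": "0004", "product": "USB Disk",
     "interfaces": [("03", "01", "01")]},
]

# Hypothetical allowlist of keyboards the owner actually uses.
KNOWN_KEYBOARDS = {("1111", "0001")}


def has_keyboard(dev):
    """True if any interface declares HID class with the keyboard protocol.
    Heuristic: a HID device that reports protocol 0 is not caught here."""
    return any(int(c, 16) == HID and int(p, 16) == KEYBOARD_PROTOCOL
               for c, _sub, p in dev["interfaces"])


def audit(devices, allowlist):
    """Return (vid:pid, product, reason) for keyboards not on the allowlist."""
    findings = []
    for dev in devices:
        ident = (dev["idVendor"], dev["idProduct"])
        if not has_keyboard(dev) or ident in allowlist:
            continue
        classes = {int(c, 16) for c, _s, _p in dev["interfaces"]}
        reason = ("storage device also exposes a keyboard"
                  if MASS_STORAGE in classes
                  else "unlisted keyboard interface")
        findings.append((":".join(ident), dev["product"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DEVICES, KNOWN_KEYBOARDS):
        print(*finding, sep=" | ")
```

Disabling autorun does not change any of these descriptors, which is why the setting Mitnick quotes offers no protection here.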
People also generally think PDF files are safe. So he demonstrated a few tools that let hackers use a PDF file to hijack a computer.
Another type of attack takes place in a cafe with free Wi-Fi: the hacker disables the Wi-Fi router so that no one can access the network. When people try to get back on the network, the hacker can fake a different Wi-Fi network with the same name. Once a user connects again, a malicious payload is loaded onto the user's computer.
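From the defender's side, a look-alike network can sometimes be spotted by comparing scan results against what the real network is known to look like. The sketch below is an added example, not part of the original article; the network name, hardware addresses and baseline are constructed, and it assumes the venue's real access points and security mode are known in advance.

```python
# Added example: spot a look-alike access point in Wi-Fi scan results.
# Constructed baseline: the BSSIDs (access point hardware addresses) and
# security mode the real network is known to use. All values are invented.
BASELINE = {
    "CafeGuest": {"bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
                  "security": "WPA2"},
}

# Constructed scan results: (ssid, bssid, security, signal_dbm)
SCAN = [
    ("CafeGuest", "02:00:00:aa:00:01", "WPA2", -61),
    ("CafeGuest", "02:00:00:bb:00:09", "open", -38),
    ("CafeGuest", "02:00:00:aa:00:02", "open", -70),
    ("Neighbour", "02:00:00:cc:00:05", "WPA2", -80),
]


def suspicious_aps(scan, baseline):
    """Return (ssid, bssid, reasons) for entries that reuse a known network
    name but do not match what is recorded for that network."""
    findings = []
    for ssid, bssid, security, _signal in scan:
        known = baseline.get(ssid)
        if known is None:
            continue  # not a network we track
        reasons = []
        if bssid.lower() not in known["bssids"]:
            reasons.append("unknown BSSID")
        if security != known["security"]:
            reasons.append(f"security {known['security']} -> {security}")
        if reasons:
            findings.append((ssid, bssid, reasons))
    return findings


if __name__ == "__main__":
    # A BSSID can be copied as easily as a name, so an empty result is
    # not proof that the network is genuine.
    for ssid, bssid, reasons in suspicious_aps(SCAN, BASELINE):
        print(ssid, bssid, "; ".join(reasons))
```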
Just knowing this may change our perception of network safety. The point is that you really do not want to plug in a USB stick or download a PDF file onto your computer, even if you believe the sender is a reliable source, because social engineering attacks make us think we are safe.
While those in the security industry have always focused more on technique, Mitnick emphasizes non-technical attacks, because that is the route hackers rely on more. In other words, security and privacy are not something you set up once and are done with. Above all, it is important that we learn not only from security experts and their tools but also from hackers, who are well informed about the phone and computer habits of ordinary users.
Therefore, you should always be careful when using your phone and computer.