Famed ex-hacker Kevin Mitnick is warning against security strategies that focus on technology. Rather, teaching your staff to say no will help keep your network secure, he says.
Mitnick, a cyberspace legend known for having penetrated the networks of such companies as Motorola and Nokia, spoke Thursday at Toshiba’s MobileXchange conference in Melbourne, Australia.

Mitnick led the FBI on a 15-year manhunt that ended in 1995, and he ended up behind bars for nearly four years. Older and seemingly wiser, he now uses his skills for good as a Los Angeles-based security consultant.

Many companies invest heavily in technologies to protect their networks, but Mitnick was quick to point out that even the tightest technological barriers never stopped him. Rather, some carefully planned social engineering–or even a bit of dumpster diving in one’s spare time–can often be far more effective at penetrating the weakest security link at most companies: their people.

“What you can find in the trash is simply amazing,” Mitnick said. “People throw out notes, drafts of letters, printouts of source code, printouts of project documentation they’re working on. In some cases, they even write down passwords and access information, or calendars that list every person that person has talked to or met with.”

more from [url=http://news.com.com/Mitnick+Security+depends+on+workers+habits/2100-7355_3-5600202.html?part=rss&tag=5600152&subj=news]News dot com[/url]

---

Filed under: Security - @ March 8, 2005 12:42 am