Aug 08

Yesterday, 08/07/08, I recorded Fox Business Network’s (FBN) Happy Hour with Cody Willard and Rebecca Gomez (Gogo) because former Mayor turned Real Estate Investor Rudy Giuliani was scheduled to appear. I like Mr. Giuliani and wanted to see what he was up to.

Well, watching the program back late last evening, I received an unexpected surprise and blog fodder for this post!

It turns out that another guest appeared in an unrelated segment of the show having to do with Identity Theft, related to the news story: 11 Charged in Massive Credit Card Fraud Case, which brought up the whole TJ Maxx data breach, yada, yada, yada. So, Fox brought on an “Identity Theft Expert” (and I use the term EXTREMELY loosely) - Kevin Mitnick!

For those who are not aware of who Kevin Mitnick is (is there anyone?), he is a convicted computer hacker turned security consultant. If you are so inclined to refresh your memory, you can check out his life on Wikipedia here: http://en.wikipedia.org/wiki/Kevin_Mitnick.

Now, before you all start coming down on me about how his sentence was excessive and all the other blah, blah, BS, let me say that I’m not condemning Mr. Mitnick for starting his own legitimate security consulting company. Nor am I saying that convicted criminals can’t do a 180. That’s not the point of this article.

What’s at issue with me is something that man said on national television - speaking as an alleged expert - that was downright WRONG! (For those who take my courses, remember the myths?)

At one point in the broadcast, Gomez asked Mitnick why aren’t the retailers secure? I believe she asked if it was a matter of not caring, or too cheap to put in the necessary security measures. Mitnick stated he believed they were, “too cheap.” (I agree, in part.) Then he went on to say that they are using WEP wireless security and that they should be using WPA because it’s unhackable. WRONG! WRONG! WRONG!

Dude! I know you were in jail until 2000 and that your supervision ended in 2003, but didn’t you do ANY RESEARCH before you started your security company and touted yourself as a security expert? Both WEP and WPA have been hacked since you’ve been freed!

Secondly, I don’t agree with your statement that retailers are just too cheap to put in the necessary security. The truth is both statements are true - they just don’t care and they are too cheap!

To retailers, identity theft and data breaches are a “cost of doing business” and a write-off. I mean think about this for a minute from a capitalist point of view. (And Cody, you should appreciate this!)

There is an underlying economy to this whole thing. Oh look! Another data breach! We’ll pay for your credit to be monitored for two years. (Credit reporting agencies make money - capitalism!) Oh look! Another data breach! (Security software and hardware companies make money as people scramble to secure networks - capitalism!) Oh look! Another data breach! (Security consultants and dove-tail businesses make money - capitalism!) It’s all about the money! From the thieves who steal your data to the companies who don’t secure your data! Capitalism at its finest baby!

And, I’m not complaining - just explaining!

So, there’s the first part of it.

Now, cheap or not, the REAL TRUTH IS WIRELESS IS NOT SECURE!

As we security professionals keep saying repeatedly, “Security is a process!”

Once we close one entry point, the hackers find another way in. And the truth is, what they’re coming up with is scary as hell! (But that’s an upcoming post later.)

Even if they were able to spend the money to secure their networks, the money wouldn’t be well spent realistically because the fix would only last a few weeks - at best! So, if the retailers are cheap about anything, it’s about not wanting to spend good money on temporary fixes!

Now, the other point of this post calls into question the fact that Kevin Mitnick also announced last night that he was asked to join the Lifelock Advisory Board.

Kevin, if you want any shred of credibility since you opened your company, DON’T ACCEPT! That’s career suicide!

Currently Lifelock has at least 5 class action lawsuits against it in a variety of states. I think the only reason they are still in business is because Goldman Sachs, the company being investigated by the FBI for subprime mortgage fraud, funded Lifelock’s last round of $25 Million in Series C Funding in January 2008. I don’t think they could afford another hit if Lifelock were to decide to walk!

I can’t believe anyone in their RIGHT MIND would want any association with that company! (But again, another blog post for another time!)

In closing, I’d like to say to Kevin Mitnick, “Stick to Social Engineering techniques or go back to school. A lot has changed buddy!”

To Fox Business, “Next time you need a security expert, call me!” (Ok, that was a shameless advertising plug! Hey! I’m only human!)

To Lifelock, “Good luck in court!”

Debbie Mahler
Founder
MICE Training & Education™
a Division of MICE Training & Technology™




written by Admin

Mar 20

TREND MICRO Website and 20,000 Others Hacked this Week!

As McAfee was reporting on a major hack of over 20,000 websites, Trend Micro was discovering they were one of them. Because most of these sites were legitimate, trusted sites, we advise you run your AV software for a full scan!

http://www.networkworld.com/news/2008/031408-trend-micro-hit-by-massive.html?docid=4046

If you subscribe to our newsletter Alerts, you’re getting one that includes this information along with the Mac OS X and Safari patch information, the Adobe and Cold Fusion patch information, and the Belkin router firmware update alerts!




written by Admin

Nov 07

Yet another attempted hack at my eBay account today. Yet another RoadRunner IP address!

I tried to send them the e-mail showing their user’s IP but they sent me back this blah, blah BS automated response. Obviously, the ISPs don’t care! Nice.

Anyway, this time, it was a simple request that they be e-mailed their forgotten password. Nice try! But there’s no way you’re getting in now! I have a secret weapon!

More on that later……..




written by Admin

Nov 02

As if we’re not busy enough with this website and our clients, our eBay account was hacked this morning.

I received an e-mail this morning from eBay confirming that they had changed my e-mail address as requested. What???? My real name was in the e-mail BUT, the ISP address and the IP address of the alleged “me” did not match!

eBay Email

First of all, the IP address is registered to Road Runner according to http://ws.arin.net/whois/

I have Comcast as an ISP and a Comcast IP address, not Road Runner.

Secondly, the ISP address is part of the “Blackhole” so it’s not a valid ISP.

Now, this raises two questions.

1. How did my account get hacked when my password was not a hackable one?

2. Why did it get hacked when there is nothing in the account that would be of benefit? No checking account information, and so forth.

Now, mind you, I’m not what you would call a “Conspiracy Theorist” but I’m beginning to wonder about some strange things I’m noticing recently.

I had sent in for one of those PayPal key chain automatic password generators and never activated it. (It was more for research than anything else.) Could PayPal have purposely hacked my eBay account because I wasn’t using it? Makes you wonder!

The reason I’m suspicious of this type of activity is because I’ve seen some activity on our web logs that bothers me. But more on that later.

For now, make sure your eBay account has not been compromised in case this is going around.

Now, back to changing ALL my passwords on every account I have to make sure they are tighter than they were before…..

Stay safe, Debbie





written by Admin

© 2007-2008 MICE Training & Technology™.
