The hacking group ZF0 (Zero For 0wned) released the 5th edition of their eZine / hacklog

invisiblethingslab.com (Joanna Rutkowska) Blue pill etc etc got hacked.

-http://www.rec-sec.com/files/zf05.txt

-

Unbelievable !!!

well it was about when and not if and certainily not unbelievable if you know what i mean

What's so unbelievable about it? Most of these "security firms" are filled with charlatans.

Only goes to show us that there's no such thing as 100% security. If you're a high-profile target, you'll eventually get hacked; regular backups are the only solution.

Also:

~snipped quote and comment as per Policy (http://www.wilderssecurity.com/tos.php)~

(Dang, stuff like this makes me feel like switching to OpenVMS or something.)

Edit: bah, sorry about the quote, mods. I just get very angry when I read stuff like this.

Gullible Jones, no problem. We understand anger and frustration, but we need to be respectful in our comments as well. Take care.

JRViejo

And Kaminsky. And Mitnick. And...

Busy chaps, these ZF0

I'm not sure I'm following ... But, if I get this correctly:

1) Knowing security and being able to implement it are two different things. This is why dedicated companies/specialists should be left in charge of securing servers. Vast knowledge of system internal does not translate instantly into security. In fact, when you think big, you may miss a few small items. Or vice versa.

1.1) Bad configurations are often more at fault than actual lack of knowledge.

2) It pays to be nice and polite; you may never know who it is you offend :)

Like Bill and Ted say: be excellent to each other!

Cheers,
Mrk

-{ Quote: "What's so unbelievable about it? Most of these "security firms" are filled with charlatans." }-

If I understand your post correctly, then what's more unbelievable is that you refer to Joanna Rutkowska as a charlatan.
If I misunderstood, then I apologize.
Hugger

-{ Quote: "If I understand your post correctly, then what's more unbelievable is that you refer to Joanna Rutkowska as a charlatan.
If I misunderstood, then I apologize.
Hugger" }-

Can't speak for her directly, but I do know that Kevin Mitnick, for example, is vastly overrated in regards to his "skills." Most freshmen CS students are more competent in C or Assembly than Mitnick. Granted, the guy is good at social engineering (aka ~snipped~), but his technical prowess is severely lacking. This is why I said that breaches such as these do not surprise me. People behind these "security firms" should not be taken as experts just because their name is on the door.

Hi chronomatic,

Joanna Rutkowska is not an expert just because her name is on the door - she is a bonafide security researcher widely respected around the world for her work in rootkits, etc.

She does not use AVs - annoits them as ineffective, but does use Wireshark. Her primary machine was Windows XP 64 two years ago, not sure what it is these days.

-- Tom