Mitnick was exciting and provided real-world information that not only informed but entertained the audience. He left the Academy a buzz as word of his presentation spread and had the Midshipmen asking for additional sessions with him!"
Director, Cyber Security Center
United States Naval Academy
December 10, 2012
"We have been fortunate enough to work with Kevin over the past 3 years. I am consistently amazed at the quality of work from him and his team. We have used a number of third parties for various security tests over the years. Kevin's thoroughness and breadth of knowledge is unsurpassed. Kevins results are not just a finding on a report. He shows you how it could be exploited. Working for a software company it can sometimes be tough to convince development staff that a finding is really an issue. It is extremely powerful when Kevin and his team not only puts it in the report but sets up an example and shows the staff what could happen. This past year we had Kevin perform his testing and then follow up with a presentation to the entire organization. Kevin is not just a brilliant security tester. He is a very engaging and effective speaker. Kevin was able to mix stories from his past with stories from our organization and come up with the most effective security presentation I have ever seen. At many organizations security is just something that we have to do. In our company our employees understand the threat because they have seen it. This is a testament to the work that Kevin has done over the past few years for us."
Joel – Chief Security Officer – Financial Services company
"It is not what you know that is scary, it's what you don't know and Kevin Mitnick has a presentation that will demonstrate just how ignorant you are. If you need to put the fear of god into your C-Level co-workers or motivate your directors to approve your security budget, I would suggest that you have them attend his highly interactive and entertaining demonstration.
Kevin starts his show by demonstrating some fairly straight forward hacks. With multiple monitors set up, Kevin demonstrates a user opening a PDF file—with no tipoff to the user, Kevin takes control of the targeted PC. He repeats the demo with an IM message and then a flash drive. Think you have USB devices locked down? I did until Kevin showed a modified Flash Drive that looks like a "Human Interface Device". It emulates a keyboard and is programmed to surreptitiously "type" input on command.
Thank goodness you think, "well, at least my building is physically locked down and secure". Not for Kevin. Another demo showed how quickly many proximity cards can be copied and cloned just by walking by someone who has access to the door that you desire to enter.
Kevin spends quite a bit of time discussing "social engineering" and the fact that successful attacks almost always take advantage of people. Whether it is following human nature by holding a controlled door open for someone with a heavy package, or the stupidity of your receptionist who gives a password to a stranger posing as IT support, the technical side of attacks is only the tools. The simple fact is that the most vulnerable link in security is people. We object to security because security is almost always a tradeoff versus convenience. Further, far too rarely do we question the people and events happening around us. We let our guard down thinking it can't happen because it hasn't happened. Perhaps the only reason it hasn't happened is because you, up until now, have been lucky. See Kevin and bring the leadership of your company. At the very least it is an eye opener. At best, maybe a future hacker will decide you are just too well informed to attack."
Kevin starts his show by demonstrating some fairly straight forward hacks. With multiple monitors set up, Kevin demonstrates a user opening a PDF file—with no tipoff to the user, Kevin takes control of the targeted PC. He repeats the demo with an IM message and then a flash drive. Think you have USB devices locked down? I did until Kevin showed a modified Flash Drive that looks like a "Human Interface Device". It emulates a keyboard and is programmed to surreptitiously "type" input on command.
Thank goodness you think, "well, at least my building is physically locked down and secure". Not for Kevin. Another demo showed how quickly many proximity cards can be copied and cloned just by walking by someone who has access to the door that you desire to enter.
Kevin spends quite a bit of time discussing "social engineering" and the fact that successful attacks almost always take advantage of people. Whether it is following human nature by holding a controlled door open for someone with a heavy package, or the stupidity of your receptionist who gives a password to a stranger posing as IT support, the technical side of attacks is only the tools. The simple fact is that the most vulnerable link in security is people. We object to security because security is almost always a tradeoff versus convenience. Further, far too rarely do we question the people and events happening around us. We let our guard down thinking it can't happen because it hasn't happened. Perhaps the only reason it hasn't happened is because you, up until now, have been lucky. See Kevin and bring the leadership of your company. At the very least it is an eye opener. At best, maybe a future hacker will decide you are just too well informed to attack."
-Steven L. Susman, Director-Information Technology, Manager-Engineered Systems, Supreme Security Systems, Inc.
