Tuesday, December 23, 2008

Wired covers the story of a master con man ("Catch Me If You Can!")

Wired Magazine, for January 2009, runs, on p 94, a detailed article by Kevin Poulsen, “Catch Me If You Can” (after Leonardo Di Caprio’s famous movie on a 1969 con artist), about “Last Days of a Hacker: Taking Down a Credit Card Con Man.” The link is here. This is the detailed story of San Francisco dark knight Max Butler, who developed in his Victorian apartment a plan to “rule the world,” that is, black market credit cards and identities. The story presents him as somewhat of a hacker godfather, who tried to reign in on all the operations, sometimes pretending he was going to turn out to be the good guy.

The story would make a good movie, and perhaps actually will some day. (Make Di Caprio would play him.) The story has other characters, like Christopher Aragon. The story says he could trick SQL servers into running his own commands. (Just think how a typical MySQL facility on a shared Unix hosting works. Something I’ve noticed: the security works for me in Internet Explorer 7 with all the latest fixes – despite the publicity over the flaws; it doesn’t work in Firefox, at least for me.)

The moral of the story is the incredible complexity of all of these applications and the multiple points of vulnerabilities, and the enormous number of user “trust points” in the world of making loans and giving credit.

No comments: