zlacker

[return to "Kevin Mitnick has died"]
1. josh26+W3[view] [source] 2023-07-20 00:24:24
>>thirty+(OP)
Mitnick was a hacker hero of mine in my youth. I think I’ve understood his role as jester prior to conviction less as I’ve grown older, but there’s something about the boyhood charm of being so divorced from the potential consequences of one’s actions that is almost unique.

Mitnick had so many stories that entranced the people around him. I heard one second hand of Mitnick dealing with a bank who had early voice verification software. Upon meeting the CEO he gave the executive his card and departed for the evening. Arriving back at his hotel, he called the CEO and asked him to read his phone number to him. The phone number contained all ten digits which Mitnick had neatly tape recorded so as to make the CEO’s voice reproducible. He then proceeded to use the bank’s vocal banking system to transfer $1 from the CEO’s account to his as the authentication mechanism was reading out your own account number in your voice.

When Mitnick arrived back in the board room the architect of the voice verification system was crestfallen and the bank CEO delivered a check on a silver platter.

Now how much of that tale is embellished I will never know as it was second hand, but that was the kind of whimsy Mitnick brought to our world.

Rest in Power.

◧◩
2. tomjak+A5[view] [source] 2023-07-20 00:38:02
>>josh26+W3
How would he have known the CEO's bank account number? Did the CEO write him a check at some point? Or maybe a bank's CEO traditionally gets account number 1…
◧◩◪
3. gabere+E6[view] [source] 2023-07-20 00:46:53
>>tomjak+A5
He used the CEO’s voice to access AN account, I don’t think it was the CEO’s specifically. But just an account, verified by the CEO’s voice, to his.
◧◩◪◨
4. jhugo+3J[view] [source] 2023-07-20 08:05:53
>>gabere+E6
I doubt the bank’s authentication system is built to allow the CEO’s voice to authenticate a transfer out of any account
◧◩◪◨⬒
5. detour+tY[view] [source] 2023-07-20 11:05:10
>>jhugo+3J
At Schwab my voice is my password. Is how Schwab authenticates me by voice. That demonstrates to me schwab knows they need a voice passphrase that wouldn't be used in passing or without raising suspicion.
◧◩◪◨⬒⬓
6. noSync+a11[view] [source] 2023-07-20 11:33:06
>>detour+tY
This comment is very hard to parse, but after reading it, I feel a general sense of relief that I'll never use Schwab.
◧◩◪◨⬒⬓⬔
7. larntz+Mc1[view] [source] 2023-07-20 12:59:59
>>noSync+a11
At first I thought this was a reference to the movie Sneakers (https://www.youtube.com/watch?v=-zVgWpVXb64), but after searching it seems Wells Fargo also does this, https://www.wellsfargo.com/privacy-security/voice-verificati....
◧◩◪◨⬒⬓⬔⧯
8. detour+pg1[view] [source] 2023-07-20 13:20:34
>>larntz+Mc1
I just thought it was an interesting contrast to the bank executive story. Which demonstrated how the passphrase may have evolved and that moving money is done by voice authentication today.

Using just ones voice is bad. Using a phrase is better. Using a phrase that is unique and describes its function may set-off alarm bells for some.

I never connected the phrase with Sneakers.

[go to top]