Schneier on Security
A blog covering security and security technology.
May 25, 2010
Infosec Television Commercial
LIGATT Security certainly hopes to scare people.
Posted on May 25, 2010 at 8:20 AM
• 44 Comments
So? They will send their security engineers to enable WPA on their clients' home routers? Is that the core of their business strategy?
The fact that the perp is a black and the unsuspecting woman asleep in her bed is an innocent white seems racist.
The person who has the unencrypted Wi-Fi router can find out everything about the computer traffic that is piggy-backing on the unencrypted connection, but can someone piggy-backing on the unencrypted link install a keylogger and trojan on the host computer as implied by the ad?
CAN'T SLEEP. SCRIPT KIDDIES WILL EAT ME.
Wait, this was supposed to be taken seriously? It isn't an internet meme?
I saw his video earlier this morning and decided to comment. Greg kindly wrote back:
"Knightzend you are a fucking joke!!!!! You been doing pen test for 6 years I have been doing for 27 years. I have been in business for 20 years doing it. I wrote 8 books on security. I have contracts with goverment agencies. I will challenge you and any one who wants to go up against me. We can put up $1 million each and have the processed go to charity. If you don't have a $1 million lying around then you are not a real hacker. 6 years is a joke. You are still a rookie!!!!!!! Now I am call you and everyone else out!!!!! "
Ligatt CEO A supposed "hi-tech hustler", "WORLD'S NO 1 HACKER" and convicted felon (Bureau of Prisons #13432-112), Gregory Evans has invented himself as some form of hacker with the ability to break into anything and spin that supposed knowledge into advising companies on security. Instead, he and his company have little real knowledge beyond pedestrian hacking techniques found in books and beginner hacking texts.
Got to love how their website accidentally lets you make them portscan anyone of your choice. Now you can portscan the FBI and let them take the fall for it.
"The fact that the perp is a black and the unsuspecting woman asleep in her bed is an innocent white seems racist."
Yeah - because in a world where no-one cared what skin colour anyone had, no-one would ever make an ad like that. Right?
Oh, you mean the guy who was jailed for 2 years after pleading guilty to conspiracy and wire fraud and merely said "It's how life works"? Gregory Evans has the professional ethics of the very criminals he speaks so much about, which is to say none at all. He's an egotistic unprofessional tosser who gives the profession he tries to associate with at every turn a bad name.
If that black guy is as fast as the "Hacker for Hire Vulnerability scan", snow white needs to sleep unsuspecting more than just one night.
(I have been waiting for 10205 seconds and still 467 others in the queue).
I don't get it. Is it a protection racket?
Isn't a felony conviction a disqualification for leading a public company?
He can sit outside my house forever -- I'm protected by CAT5 :-)
Can someone tell me if a wireless attacker can wake up a sleeping or power-save PC?
Greg Evans is a C|EH, you should contact EC-Council and make a complaint about him breaching their code of ethics if he is behaving like that. Oh right, C|EH is a joke. Nevermind...
@aikimark "a wireless attacker can wake-up a sleeping or power-save PC?"
Wouldn't that depend on whether your NIC had wake on LAN and whether you had disabled it?
But if it's a built-in wireless I dunno, definitely, maybe. But I'd say not.
It would require testing but my lab box doesn't answer to wireless PS3 calls though it's functioning as a media center.
@around the bend
Turns out the owner of this company is a black man. Wouldn't it have been more racist to presume that a black person isn't capable of being a hacker?
When all you're looking for are racists, then racists are all you will find.
I think the "racist" bit stems from his decision to leverage the racist side of things as part of the sale. He chooses to portray an out-of-luck black man turning to crime, which is a well documented racist stereotype. His in-your-face body language and tone of voice cements this image and seals the deal.
Last stock quote for Ligatt Security is $0.0003 per share. That's not even a penny stock. It's a micro-penny stock!
It was the image of the pretty, innocent white woman in bed that struck me as playing to a racist stereotype when contrasted to the aggressive black man who is going to do a 'home invasion'. The white woman is shown immediately after the words 'home invasion' and after the commercial portrays a background to the speaking black of a wall with otherwise irrelevant graffiti.
@ aikimark, BF Skinner,
simple answer some do some don't...
It is ambiguous as to which standards apply and which order (nothing new there).
Some time ago I actually had a need for a card that did wake up the computer which then did a TFTP boot (the whole lot sat on a 100m high mast). However I needed it (at the time) to only respond to valid WEP (it got updated as time went on but only at routine maintenance times).
The upshot was I could not (back then) get a card to do it the way I wanted so ended up doing the access point kicking an ordinary NIC.
And retrospectively I'm glad I did do it that way as upgrading the system has been easy and relatively cheap...
I doubt the company will be around for much longer. I wrote a 9-line shell script that would run on an old 486 Linux box that does what they say that tattletell app does. Most of the stuff they sell is everyday software and hardware you can buy at any computer retailer.
Here is a linux script that does what their tattletell does for those that are interested:
if ping -c 1 "$1"; then
    nmap -T 4 -A "$1"
fi
Well, I certainly LOL'd at this.
I really loved the response posted by: KnightzEnd at May 25, 2010 10:17 AM.
I can't think of a better way for a business owner to maintain his credibility and enhance his standing.....
So what do I do when a client, or their third party contractor, has already outsourced to LIGATT? The personnel screening would come back failed (due to the reported felonious history of its founder) and he might say... "Hey it takes a thief to catch a thief" and we all think of a young Robert Wagner and sigh "Al Mundy he's dreamy."
The larger industry has an entire class of intrusion specialists who learned their craft by breaking and entering. Can they be trusted? How far and how do we even calculate the given value of trust? How do we validate their rehabilitation? Much as I might like to bring Mitnick into some engagements he'll never get cleared by OPM in the usual way.
Is this even something that can be controlled in a contract?
Clause 8(3).c sub para 1 "Don't screw me."
@Knightzend "You been doing pen test for 6 years I have been doing for 27 years"
27 years? Meh. Since that takes the man back into the late 80s when he was what 16? ('Member this? Death to DISCO!, 'Member this? TETRIS!, 'Member this? CAPT WALKER! 'Member this? MADONNA!) even calculating for any time off for good behavior there was a prison term in there wasn't there?
Assuming he was a hacker in the age of BBS, dialup 300 baud acoustic coupled modems, and gopher servers I'm told everyone conflates their CV. But I'm not sure you're allowed to aggregate the time you were doing crime with the time you served as punishment for the crime, with the time you were doing non-criminal work in your resume.
Wow -- really? This is plain stupid. It reminds me of the Gold Commercials I hear on the radio to buy gold. It tries to scare people by saying they are going to lose all their wealth...
He should take $500 of that "million" and go buy a decent shirt and jacket.
The ones with nothing are the first to brag about having everything. CEH, lol....
>> But I'm not sure you're allowed to aggregate the time you were doing crime with the time you served as punishment for the crime, with the time you were doing non-criminal work in your resume.
Social engineering . . . is social engineering, and prison is a hothouse of it. If it's telco hacking, maybe it should even count.
You got it. I don't know whether the one inspired the other or both were inspired by the same racial stereotype. But it is v. v. funny.
This is the best adv for becoming a script kiddy ever.
Wardrivers to the money!
Yeah, Ligatt has a lot of bad stuff coming up on them; check out our article on their use of other people's credentials / work experience listed as bloggers for them but have no idea of them.
This isn't much worse than most commercials for small, independent companies. I think the car dealerships around here are much more guilty.
The unprotected network thing might seem like a joke, but my roommate just bought a PS3 and can access files on my computer with it. It makes me wonder just how easy hacking is....
When you write that when a company gets hacked then the hackers must be prosecuted, this is completely idiotic. One must identify how extremely he was hacked, and the degree of prosecution must be proportional to the degree of how much the company has been hacked. Here on Reunion Island there are companies that are fascist because of your words...
Think of the impact of your thoughts... They can darken the life of young people...
What a crap this Evans is... A thief is always a thief??? His track record doesn't seem convincing... His plagiarism is exposed to the bone! What else can he cover?? Evans a CEH??? Bet he's not. The con artist of the year, definitely...
CEH are stupid people that don't know how to hack in black box testing. CEH are just people that need to sell security but they don't know anything in terms of real security and cracking.
The real crackers and security gurus are not showing anything. When you talk to them they do not dare to tell you they are skilled, they don't tell you they are "geeks"...
The real crackers do not crack and deface internet web sites, they keep their access for later, and use them cleverly.
Less words, More skills, More actions.