lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 3 Aug 2013 00:24:04 -0400
From: Justin Ferguson <jf@...co.net>
To: Gary McGraw <therealgarymcgraw@...hmail.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: I'm the best and that's all that matters

Far more difficult, and you have to picture this in 'barnaby speak',
was getting the installation of the dev environment without suspicion,
as he phrased it, when the technician came to install the ATM in his
living room and asked 'why?', he simply stated that he wanted to be
rid of the ATM transaction fees, they were killing him.

Having worked with him on a project not terribly long after that, he
was fairly concerned that ATMs would be his legacy and he planned on
targeting 'medical devices' next, which we saw with the pace makers.
The guy made an ATM, any ATM, it doesnt matter which, dump all of its
cash, a person can go back and forth about whether it was the highest
security ATM or not, but the truth still remains-- that money was
spendable anywhere and the weakest link is always the most important.
I didn't really know him all that well, a few months on projects here
and there and some odd times in vegas, but I imagine he would've
preferred to be remembered for his body of work and not the merits or
flaws of a particular hack.

That all said, I really hate this internet phenomena of when someone
'big' has a traumatic event in their life occur, there is the
outpouring of people saying 'best there ever was' and a similar
outpouring of people nit-picking the guys work, he's dead, thats that,
thats life, many people will miss him, life moves on and lets not try
to improve names one way or the other off of a dead body.

On Wed, Jul 31, 2013 at 2:37 PM, Gary McGraw
<therealgarymcgraw@...hmail.com> wrote:
>
> From: Gary McGraw <gem@...ital.com>
> Date: Saturday, July 27, 2013 01:04AM
> To: xxxx xxxx <xxxx@...ital.com>; SSG <ssg@...ital.com>
> Subject: Re: RIP Barnaby Jack
>
> I met him a few years ago at BankXXXX technology gathering where we both spoke (it was organized by Jason XXXXX who is now the CSO of BankYYYY). He gave his ATM hacking talk. Interesting, but not all that difficult! Turns out that our work designing systems that are hard(er) to hack is much more difficult than breaking poorly built ancient systems.
>
> gem
>
>
>> From: xxxx xxxx <xxxx@...ital.com>
>> Date: Saturday, July 27, 2013 12:48AM
>> To: SSG <ssg@...ital.com>
>> Subject: RIP Barnaby Jack
>>
>> What a shame! This guy was legendary.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ