Zitat des Tages von Kevin Mitnick:
I was pretty much the government's poster boy for what I had done.
We have problems with our physical security, operational security through to management.
For the average home-user, anti-virus software is a must.
So the ethic I was taught in school resulted in the path I chose in my life following school.
Back in my day, I would probe by hand. Now you can get commercial software that does the job for you.
I was addicted to hacking, more for the intellectual challenge, the curiosity, the seduction of adventure; not for stealing, or causing damage or writing computer viruses.
Steve Wozniak and Steve Jobs founded Apple Inc, which set the computing world on its ear with the Macintosh in 1984.
What happens with smaller businesses is that they give in to the misconception that their site is secure because the system administrator deployed standard security products - firewalls, intrusion detection systems, or stronger authentication devices such as time-based tokens or biometric smart cards. But those things can be exploited.
If I needed to know about a security exploit, I preferred to get the information by accessing the companies' security teams' files, rather than poring over lines of code to find it on my own. It's just more efficient.
Not being allowed to use the Internet is kind of like not being allowed to use a telephone.
I'm still a hacker. I get paid for it now. I never received any monetary gain from the hacking I did before. The main difference in what I do now compared to what I did then is that I now do it with authorization.
Some people think technology has the answers.
I was an accomplished computer trespasser. I don't consider myself a thief. I copied without permission.
I believe in having each device secured and monitoring each device, rather than just monitoring holistically on the network, and then responding in short enough time for damage control.
Any type of operating system that I wanted to be able to hack, I basically compromised the source code, copied it over to the university because I didn't have enough space on my 200 megabyte hard drive.
I could have evaded the FBI a lot longer if I had been able to control my passion for hacking.
The government does things like insisting that all encryption programs should have a back door. But surely no one is stupid enough to think the terrorists are going to use encryption systems with a back door. The terrorists will simply hire a programmer to come up with a secure encryption scheme.
Our Constitution requires that the accused be presumed innocent before trial, thus granting all citizens the right to a bail hearing, where the accused has the opportunity to be represented by counsel, present evidence, and cross-examine witnesses.
I think a cyber-terrorism attack is overblown, though the threat exists. I think al Qaeda and other groups are more interested in symbolic terrorism, like what they did to the World Trade Center - suicide bombers or something that really has an effect and is meaningful to people.
Garbage can provide important details for hackers: names, telephone numbers, a company's internal jargon.
Being on the run wasn't fun, but it was something I had to do. I was actually working in legitimate jobs. I wasn't living on people's credit cards. I was living like a character out of a movie. It was performance art.
When somebody asks for a favor involving information, if you don't know him or can't verify his identity, just say no.
My actions constituted pure hacking that resulted in relatively trivial expenses for the companies involved, despite the government's false claims.
To some people I'll always be the bad guy.
All they need to do is to set up some website somewhere selling some bogus product at twenty percent of the normal market prices and people are going to be tricked into providing their credit card numbers.
Then again, my case was all about the misappropriation of source code because I wanted to become the best hacker in the world and I enjoyed beating the security mechanisms.
But a lot of businesses out there don't see the return on investment, they look at it as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it's still a hard sell for people.
So what I was essentially doing was, I compromised the confidentiality of their proprietary software to advance my agenda of becoming the best at breaking through the lock.
Penetrating a company's security often starts with the bad guy obtaining some piece of information that seems so innocent, so everyday and unimportant, that most people in the organization don't see any reason why the item should be protected and restricted.
I use Spam Arrest because of the amount of junk mail I get. Any legitimate person who wants to send me a message has to jump through hoops before they can be added to my opt-in list.
I keep my stuff updated all the time. Being in the security industry, I keep up to date with securities.
To have transactions made on your web site via credit card, you must be PCI compliant. Businesses make the mistake of thinking that because you passed the requirements and are PCI certified, you are immune to attacks.
It was used for decades to describe talented computer enthusiasts, people whose skill at using computers to solve technical problems and puzzles was - and is - respected and admired by others possessing similar technical skills.
I could pose as a Yahoo rep claiming that there's been some sort of fault, and somebody else is getting your e-mail, and we're going to have to remove your account and reinstall it. So what we'll do is reset the current password that you have - and by the way, what is it?
I wasn't a hacker for the money, and it wasn't to cause damage.
Of course I'm sure half the people there hate me and half the people like me.