-
People are prone to taking mental shortcuts. They may know that they shouldn't give out certain information, but the fear of not being nice, the fear of appearing ignorant, the fear of a perceived authority figure - all these are triggers, which can be used by a social engineer to convince a person to override established security procedures.
-
I'm not a fugitive anymore. Never will be in the future. After spending five years in jail, you learn your lesson. I never want to return there.
-
Back in my day, I would probe by hand. Now you can get commercial software that does the job for you.
-
Our Constitution requires that the accused be presumed innocent before trial, thus granting all citizens the right to a bail hearing, where the accused has the opportunity to be represented by counsel, present evidence, and cross-examine witnesses.
-
Garbage can provide important details for hackers: names, telephone numbers, a company's internal jargon.
-
If hackers, if anyone committing a criminal act, wants to reduce their risk, they obviously don't involve anybody else. The greater the circle of people that know what you're doing, the higher the risk.
-
I use Mac. Not because it's more secure than everything else - because it is actually less secure than Windows - but I use it because it is still under the radar. People who write malicious code want the greatest return on their investment, so they target Windows systems. I still work with Windows in virtual machines.
-
You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.
-
For the average home-user, anti-virus software is a must.
-
The Internet is like the phone. To be without it is ridiculous.
-
I was hooked in before hacking was even illegal.
-
The Patriot Act is ludicrous. Terrorists have proved that they are interested in total genocide, not subtle little hacks of the U.S. infrastructure, yet the government wants a blank search warrant to spy and snoop on everyone's communications.
-
I did get a huge endorphin rush when I was able to crack a system because it was like a video game.
-
When somebody asks for a favor involving information, if you don't know him or can't verify his identity, just say no.
-
Businesses should absolutely set aside funding in their budgets for security consultants. Unless there is an expert on staff, and there usually is not, it needs to be outsourced.
-
Sometimes I get a call from my bank, and the first thing they ask is, 'Mr. Mitnick, may I get your account number?' And I'll say, 'You called me! I'm not giving you my account number!'
-
The explosion of companies deploying wireless networks insecurely is creating vulnerabilities, as they think it's limited to the office - then they have Johnny Hacker in the parking lot with an 802.11 antenna using the network to send threatening emails to the president!
-
I'm an expert witness in a case that's in appeal about a guy who allegedly misappropriated source code from a major, major company - he actually worked there and then apparently they found it on his laptop later.
-
Choosing a hard-to-guess, but easy-to-remember password is important!
-
Phone phreaking is a type of hacking that allows you to explore the telephone network by exploiting the phone systems and phone company employees.
-
One of my all-time favorite pranks was gaining unauthorized access to the telephone switch and changing the class of service of a fellow phone phreak. When he'd attempt to make a call from home, he'd get a message telling him to deposit a dime, because the telephone company switch received input that indicated he was calling from a pay phone.
-
The hacking trend has definitely turned criminal because of e-commerce.
-
Anything out there is vulnerable to attack given enough time and resources.
-
What happens with smaller businesses is that they give in to the misconception that their site is secure because the system administrator deployed standard security products - firewalls, intrusion detection systems, or stronger authentication devices such as time-based tokens or biometric smart cards. But those things can be exploited.