Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management.
Kevin Mitnick
I trust online banking. You know why? Because if somebody hacks into my account and defrauds my credit card company, or my online bank account, guess who takes the loss? The bank, not me.
Kevin Mitnick
I think it goes back to my high school days. In computer class, the first assignment was to write a program to print the first 100 Fibonacci numbers. Instead, I wrote a program that would steal passwords of students. My teacher gave me an A.
Kevin Mitnick
Steve Wozniak and Steve Jobs founded Apple Inc, which set the computing world on its ear with the Macintosh in 1984.
Kevin Mitnick
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
Kevin Mitnick
So what I was essentially doing was, I compromised the confidentiality of their proprietary software to advance my agenda of becoming the best at breaking through the lock.
Kevin Mitnick
No way, no how did I break into NORAD. That's a complete myth. And I never attempted to access anything considered to be classified government systems.
Kevin Mitnick
I did get a huge endorphin rush when I was able to crack a system because it was like a video game.
Kevin Mitnick
But a lot of businesses out there don't see the return on investment, they look at it as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it's still a hard sell for people.
Kevin Mitnick
Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail.
Kevin Mitnick
The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully.
Kevin Mitnick
I believe in having each device secured and monitoring each device, rather than just monitoring holistically on the network, and then responding in short enough time for damage control.
Kevin Mitnick
All they need to do is to set up some website somewhere selling some bogus product at twenty percent of the normal market prices and people are going to be tricked into providing their credit card numbers.
Kevin Mitnick
The Americans are the most gullible, because they don't like to deny co-workers' requests.
Kevin Mitnick