When somebody asks for a favor involving information, if you don't know him or can't verify his identity, just say no.
I was fascinated with the phone system and how it worked; I became a hacker to get better control over the phone company.
Back up everything! You are not invulnerable. Catastrophic data loss can happen to you - one worm or Trojan is all it takes.
The intent of the individuals who created the DDoS attacks has nothing to do with hacking, and they are vandals, not hackers.
I made stupid decisions as a kid, or as a young adult, but I'm trying to be now, I'm trying to take this lemon and make lemonade.
The myth of Kevin Mitnick is much more interesting than the reality of Kevin Mitnick. If they told the reality, no one would care.
The key to social engineering is influencing a person to do something that allows the hacker to gain access to information or your network.
I'm not a fugitive anymore. Never will be in the future. After spending five years in jail, you learn your lesson. I never want to return there.
I don't know of any case that involves computer hacking where there were multiple defendants charged where there wasn't an informant on the case.
Phone phreaking is a type of hacking that allows you to explore the telephone network by exploiting the phone systems and phone company employees.
My actions constituted pure hacking that resulted in relatively trivial expenses for the companies involved, despite the government's false claims.
I went from being a kid who loved to perform magic tricks to becoming the world's most notorious hacker, feared by corporations and the government.
No way, no how did I break into NORAD. That's a complete myth. And I never attempted to access anything considered to be classified government systems.
When I was in prison, a Colombian drug lord offered me $5 million in cash to manipulate a computer system so that he would be released. I turned him down.
A lot of individuals out there carry a lot of proprietary information on their mobile devices, and they're not protected. It's a very target-rich environment.
Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.
You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.
I think malware is a significant threat because the mitigation, like antivirus software, hasn't evolved to a point to really mitigate the risk to a reasonable degree.
New security loopholes are constantly popping up because of wireless networking. The cat-and-mouse game between hackers and system administrators is still in full swing.
I get hired by companies to hack into their systems and break into their physical facilities to find security holes. Our success rate is 100%; we've always found a hole.
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.
I was addicted to hacking, more for the intellectual challenge, the curiosity, the seduction of adventure; not for stealing, or causing damage or writing computer viruses.
So what I was essentially doing was, I compromised the confidentiality of their proprietary software to advance my agenda of becoming the best at breaking through the lock.
No company that I ever hacked into reported any damages, which they were required to do for significant losses. Sun didn't stop using Solaris and DEC didn't stop using VMS.
Then again, my case was all about the misappropriation of source code because I wanted to become the best hacker in the world and I enjoyed beating the security mechanisms.
The perfect PIN is not four digits and not associated with your life, like an old telephone number. It's something easy for you to remember and hard for other people to guess.
Businesses should absolutely set aside funding in their budgets for security consultants. Unless there is an expert on staff, and there usually is not, it needs to be outsourced.
Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail.
Oracle, for example, has even hired people to dumpster dive for information about its competitor, Microsoft. It's not even illegal, because trash isn't covered by data secrecy laws.
I use Spam Arrest because of the amount of junk mail I get. Any legitimate person who wants to send me a message has to jump through hoops before they can be added to my opt-in list.
Use a personal firewall. Configure it to prevent other computers, networks and sites from connecting to you, and specify which programs are allowed to connect to the net automatically.
There's a feature on Facebook where you can enable security that checks the device you're coming from. By default these features are likely off, but as a consumer, you can enable them.
Sometimes I get a call from my bank, and the first thing they ask is, 'Mr. Mitnick, may I get your account number?' And I'll say, 'You called me! I'm not giving you my account number!'
I believe in having each device secured and monitoring each device, rather than just monitoring holistically on the network, and then responding in short enough time for damage control.
I trust online banking. You know why? Because if somebody hacks into my account and defrauds my credit card company, or my online bank account, guess who takes the loss? The bank, not me.
Most people assume that once security software is installed, they're protected. This isn't the case. It's critical that companies be proactive in thinking about security on a long-term basis.
When I read about myself in the media, even I don't recognize me. The myth of Kevin Mitnick is much more interesting than the reality of Kevin Mitnick. If they told the reality, no one would care.
Most of the computer compromises that we hear about use a technique called spear phishing, which allows an attacker access to a key person's workstation. It's extremely difficult to defend against.
I got so passionate about technology. Hacking to me was like a video game. It was about getting trophies. I just kept going on and on, despite all the trouble I was getting into, because I was hooked.
Any type of operating system that I wanted to be able to hack, I basically compromised the source code, copied it over to the university because I didn't have enough space on my 200 megabyte hard drive.
If hackers, if anyone committing a criminal act, wants to reduce their risk, they obviously don't involve anybody else. The greater the circle of people that know what you're doing, the higher the risk.
I don't condone anyone causing damage in my name, or doing anything malicious in support of my plight. There are more productive ways to help me. As a hacker myself, I never intentionally damaged anything.
All they need to do is to set up some website somewhere selling some bogus product at twenty percent of the normal market prices and people are going to be tricked into providing their credit card numbers.
Hacking was the only entertainment that would occupy my mind - like a huge video game, but with real consequences. I could have evaded the FBI a lot longer if I had been able to control my passion for hacking.
Hackers are becoming more sophisticated in conjuring up new ways to hijack your system by exploiting technical vulnerabilities or human nature. Don't become the next victim of unscrupulous cyberspace intruders.
I'm an expert witness in a case that's in appeal about a guy who allegedly misappropriated source code from a major, major company - he actually worked there and then apparently they found it on his laptop later.
I'm still a hacker. I get paid for it now. I never received any monetary gain from the hacking I did before. The main difference in what I do now compared to what I did then is that I now do it with authorization.
Being on the run wasn't fun, but it was something I had to do. I was actually working in legitimate jobs. I wasn't living on people's credit cards. I was living like a character out of a movie. It was performance art.
To have transactions made on your web site via credit card, you must be PCI compliant. Businesses make the mistake of thinking that because you passed the requirements and are PCI certified, you are immune to attacks.