Ask Kevin Mitnick

The hacker with perhaps the most famous first name around, Kevin Mitnick, has gone from computer hacking of the sort that gets one on the FBI's Most Wanted list (and into years of solitary confinement) to respected security consultant and author, helping people minimize the sort of security holes he once exploited for fun. His new book is called Ghost in the Wires: My Adventures as the World's Most Wanted Hacker; it's his first since the expiration of an agreement that he could not profit from books written about his criminal activity. Kevin's agreed to answer your questions; we'll pass the best ones on to him, and print his answers when they're ready. Note: Kevin also answered Slashdot questions most of a decade ago; that's a good place to start. Please observe the Slashdot interview guidelines: ask as many questions as you want, but please keep them to one per comment.

Re:Cybersecurity Companies

[frank_adrian314159]

I've worked for two of the major AV companies. In both cases, there were enough controls in place that, if it was financially happening, it would have become known. Even if you could have hidden the financials, if there was any sort of "collusion", someone would have leaked hard evidence by now, if only for the notoriety. Your paranoid imagination is just that.

The bottom line is that malware writers don't need the help. Think of it as information pollution. A manufacturer "saving" a few thousands per years in dump fees can cause a mess that costs millions to clean up. The malware writers' desires to get their botnets up and running to provide themselves collectively with a few million dollars per year are all of the incentive needed to produce the mess that requires billions in prevention and cleanup.

Re:Hi, Kevin. I'm one of your victims.

[icebraining]

The people who shouldn't sleep well at night is whoever thought credit cards where a good idea. Mitnick was responsible for 'stealing' 20k cards - they're responsible for all.

Seriously, a system where you have to give all the authorization info necessary to charge money to the company/person you're paying, and where there's only one single set of numbers, making it impossible to revoke access without canceling the whole card?
Who can trust it?

I don't know about yours, but here we have accounts where we can set up 'direct debits', which not only can have limits, but can be revoked on an individual basis without affecting the account. This is the minimum for a decent payment system.

Re:Hi, Kevin. I'm one of your victims.

[Hatta]

The reason was something akin to the fact that because the DA told the judge that Mitnick had the ability to call up NORAD and whistle in the phone and cause all sorts of havoc on our defense system, part of his sentencing stipulated that he be kept away from telephones.

This is the reason prosecutors should not have immunity. Solitary confinement is torture. DA tortured Mitnick based on a completely implausible rumor. Both the DA and the judge that signed off on it belong in jail.