Online security is in the news today, in a big way. Of course, the Sony PlayStation Network hack was terrifying -- personal information from millions of accounts was exposed from what was supposed to be a secure database. And then, just as the network was coming back online, it was hacked again. We're also learning that a new attack is targeting Mac users who visit bad Web sites.
How bad is the security on the Internet? Will the hackers always win? Will consumers always lose? We're discussing this today with a very special guest, Kevin Mitnick.
Mitnick is a hacker. He used to be a criminal hacker. In fact, it's fair to say he was once the most wanted hacker ever. Mitnick landed in prison, in the 1990s, and his most notorious hack was getting to the cell phone companies and getting copies of handset source code. To some, Mitnick was a symbol of the dangers hackers posed to our safety, and needed to be locked up to keep us safe. To others, he was a scapegoat for the lousy computer security practices in corporate America.
Released and, arguably, rehabilitated, Mitnick now runs a security company of his own, in which he probes clients' networks for security flaws and then helps them patch those flaws. Mitnick has a new book coming out, "Ghost in the Wires," which is now available for pre-order on Amazon.
Some of our discussion pointsYour story is mostly one of social engineering, yes?
Tells us about how you got one vendor to FedEx you source code for a new phone.
Did you really put an alert in the phone network system so you would get notified if the FBI wiretapped your line?
Your job as the hired hacker: Discuss notable jobs, embarrassing security weaknesses. Have you ever worked for a company you couldn't crack?
Hacks in the news...
- LastPass data leaked.
How safe is the Internet today, compared to 5, 10 years ago?
How has the nature of attacks changed in last few years? Or has it?
Danger of linked accounts? e.g., using Facebook or Twitter, or LinkedIn for log-ins to new services
Mobile devices, location tracking, data on mobiles.
Social engineering: Still the key to the kingdom?
Passwords: Do they work? What about two-factor security? Biometrics?
Can we just assume that the people running security systems are incompetent, because they have to win all the time, while an attacker only has to succeed once?
Ethical hacking? Can we trust anyone? Can we trust you (or people in your job)? How do we know?
Will the hackers always win? If so, what's a poor sap to do?