It's interesting that Kevin disavows any responsibility for his third party hosting company. Like any other enterprise, he is responsible for managing his outsourced relationships. If he doesn't require them to meet his standards, the issue is his.

This is a classic example of the difference between a hacker and a security engineering professional. I don't know Kevin so I am no saying he is not a professional. However, he provides a great example of the difference in his last paragraph.

A professional security engineer recognizes that any security vulnerabilities that have to do with the company's assets, including image, is the company's responsibility to mitigate or remedy.

"That's not my system/my fault" is the sign of a week security profile.

Kevin, believe it or not, there are hosting companies that probably are less likely to be hacked than the one you use. You should recommend to your website's owner to get the hosting compnay to fix the problems or to move to a different hosting company. Then you won't have to defend your security acumen.

First, I'm looking for the value in the 5 things that Kevin has learned. I'm a little disappointed in the read. Second, there are lots of jobs out there where people who were involved in illegal activities do the same thing for "good" - most related to security, lots to physical security. "To Catch a Thief" is just one example. I agree with Kevin - must be fun to use an illegal thought process for good...

Weak article. The tag line lured me in but the body of the article had nothing to do with computer security and everything to do with Kevin's own ego trip.

There is a lack of depth in this article. I was hoping for more.

Breaking into systems was *** ALWAYS *** illegal. It has not always been criminal. This is a big distinction.

Tortious trespass is a violation of the rights of another and has always been so. This makes it unethical. Just because there is no gaol time, does not make an action legal.

Regards,
Craig Wright GSE-Compliance LLM

"The downside is that people think my company was hacked, but it was really this hosting company's network and not my own site that was breached."

What a lot of BS passing and blame shifting.

Assigning risk is a decision. If you go to an insecure site and do not make the effort to validate - then you get what you asked for.

Take responsibility for your own failings. Blaming another is just an excuse. How did you test the site? Did you even think to?

What was this article about? A press release to keep Mitnick's name in the news? There is little or no value in the rehash of his actions and I care not one whit that his isp was hacked and it wasn't his fault.

Next time you get Mitnick to talk, ask him about the training required to prevent social engineering or how he prevents spam from clogging his servers. Something useful rather than a weak color commentary on an aging hacker.

I'm old enough to remember the press on this guy when he was finally caught hacking government sites. There were recordings of him screaming at the investigators over the phone lines as he freaked the lines, claiming he was untouchable.
Now, in hindsight it was just for fun and personal gratification, according to this interview.
My how history changes ones outlook. I wish him the best, but wouldn't hire him for my networks.

As others have stated, Mr. Mitnick's past behavior isnt excusable due to a lack of anti-hacking laws. What he did was clearly criminal from the start - using con-man games to trick people into revealing their information, trespassing onto company properties, and of course theft of services as well as destruction of private property. Fraud performed using technical means is still fraud, and clearly illegal.

How many of Kevin's victims - people who lost their livelyhoods and found their careers ruined due to Kevin's actions - did the reporter talk to before writing this P.R. piece for Mr. Mitnick? All of the victims that Kevin has apologized to for his past behavior: NONE.