Interview with Kevin Mitnick

Slashdot runs the questions and answers with the world most famous hacker Kevin Mitnick.   While most of his adventures and opinions are well covered on the web and in the books, you might still be surprised by some of the answers.

Here is his take on the involvement of anti-virus and other security companies in the creation of viruses and other malware.

Cybersecurity Companies?
by bigredradio

Kevin, do you suspect any collusion on the part of cybersecurity companies such as Kapersky Labs or Avast! and virus creators? If there were not so many exploits in the wild, would there be a billion-dollar anti-virus industry?

KM: I don’t know about Kaspersky but I think it’s ludicrous to assert that any anti-virus company would be involved with malware creators. These are large companies and the risk of being involved in this type of unethical behavior is too great.

And here is his opinion of what the future has for us.

by Anonymous

What cybersecurity threats do you see as the most dangerous to the Internet now?

by zero0ne

What threat do you see as the most dangerous in 2, 5 and 10 years?

KM: Malware is probably the most substantial threat. Not only because it is so prevalent and being crafted better to avoid detection, but also because a large majority of internet users are oblivious to the dangers involved with clicking unknown links, authorizing Java Applets, opening attachments from people they don’t know, and are easily fooled by average phishing attacks. People are still the weak link, and even intelligent ones make poor decisions. Case in point, the recent spearfishing attacks on Google and RSA, which proved highly effective.

Looking into the future is difficult as technology progresses so rapidly. In the next few years, as more and more corporations move towards cloud computing, these servers loaded with information are going to be the new playground for hackers. Layers of security need to be applied in any cloud-computing environment to minimize the risk.

With the recent hacks on Certificate Authorities, I would count on SSL becoming obsolete in the future and being replaced with a new, more robust secure standard, since the “web of trust” is no longer a feasible model.

With the proliferation of consumer devices coming onto the market that are internet-ready, I would expect to see more attacks at the heart of these new technologies. New devices, especially those branded by names like Apple, Microsoft, and Google, always tend to draw the attention of hackers from all over the world.