Dear Kevin Mitnick: First, let me explain why I haven't written to you sooner. I realize you've been out of the joint for three years now—after serving five years on that hacking beef—so I can't pretend I haven't had an opportunity to reach out. It's just that, as you know, you've been forbidden to go online for e-mail or anything else under the terms of your release. And I do almost all my correspondence by e-mail.
But all that's behind us. As of last week, your online exile has officially ended. So, from now on, you can expect the occasional e-mail from me. Also, don't be surprised if you get e-mail from a few friendly guys from Nigeria and various college coeds with fake return addresses. (But, then, you've probably heard from them already.)
The real thing you should know as you re-enter cyberspace is this: In the most important respects, it's like you never left. Sure, spam is threatening to take over the world. And pop-up ads are driving everyone crazy—or to Mozilla. But the really critical and surprising thing is that—even though your trial and your book clearly expose just how easy it is for hackers like you to weasel information from trusting employees, which can then be used to mount a devastating cyber-assault—most enterprises still make it easy for bad guys to flourish online. You won't believe it. Few enterprises offer employees even the simplest training on how to defeat social engineering, when and how to change passwords, or when to open e-mail attachments. So most companies remain wide open to the same kinds of attacks you were pulling more than eight years ago. Amazing.
I believe your claims you've left the dark side and are a security consultant. However, let's keep this an e-mail relationship for the time being and hold off on meeting here at the eWeek offices. As you know, Kevin, you can't be too careful when it comes to protecting yourself from social engineering.
Would you hire Kevin as a consultant? Write to me at firstname.lastname@example.org.