Somebody could send you an office document or a PDF file, and as soon as you open it, it's a booby trap and the hacker has complete control of your computer. Another major problem is password management. People use the same password on multiple sites, so when the hacker compromises one site, they have your password for everywhere else.

When I read about myself in the media, even I don't recognize me. The myth of Kevin Mitnick is much more interesting than the reality of Kevin Mitnick. If they told the reality, no one would care.

It was used for decades to describe talented computer enthusiasts, people whose skill at using computers to solve technical problems and puzzles was - and is - respected and admired by others possessing similar technical skills.

The perfect PIN is not four digits and not associated with your life, like an old telephone number. It's something easy for you to remember and hard for other people to guess.

Back in my day, I would probe by hand. Now you can get commercial software that does the job for you.

The myth of Kevin Mitnick is much more interesting than the reality of Kevin Mitnick. If they told the reality, no one would care.

When somebody asks for a favor involving information, if you don't know him or can't verify his identity, just say no.

I could have evaded the FBI a lot longer if I had been able to control my passion for hacking.

I don't know the capabilities of our enemies. But I found it quite easy to circumvent security at certain phone companies throughout the United States. So if an inquisitive kid can do it, why can't a cyberterrorist do it?

I happen to be notorious. That, I have no control over.

The best thing to do is always keep randomly generated passwords everywhere and use a password tool to manage it, and then you don't have to remember those passwords at all, just the master password that unlocks the database.

I use Spam Arrest because of the amount of junk mail I get. Any legitimate person who wants to send me a message has to jump through hoops before they can be added to my opt-in list.

What happens with smaller businesses is that they give in to the misconception that their site is secure because the system administrator deployed standard security products - firewalls, intrusion detection systems, or stronger authentication devices such as time-based tokens or biometric smart cards. But those things can be exploited.

A lot of companies are clueless, because they spend most or all of their security budget on high-tech security like fire walls and biometric authentication - which are important and needed - but then they don't train their people.

Oracle, for example, has even hired people to dumpster dive for information about its competitor, Microsoft. It's not even illegal, because trash isn't covered by data secrecy laws.

So the ethic I was taught in school resulted in the path I chose in my life following school.

Not being allowed to use the Internet is kind of like not being allowed to use a telephone.

For the average home-user, anti-virus software is a must. A personal firewall such as Zone Alarm and running a program like HFNetcheck, which is a free download for personal users. It checks your system to see if anything needs to be patched. I'd also recommend a program such as SpyCop to periodically check for any spyware on your system.

Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.

I was an accomplished computer trespasser. I don't consider myself a thief.

I get hired by companies to hack into their systems and break into their physical facilities to find security holes. Our success rate is 100%; we've always found a hole.

Any type of operating system that I wanted to be able to hack, I basically compromised the source code, copied it over to the university because I didn't have enough space on my 200 megabyte hard drive.

I have done a lot to rehabilitate my reputation.

I think malware is a significant threat because the mitigation, like antivirus software, hasn't evolved to a point to really mitigate the risk to a reasonable degree.