Date: Wed, 10 Dec 1997 13:58:50 -0800 (PST)
From: Mark 
Subject: Re: Yahoo's httpd hacked. (fwd)

For what it's worth, I dealt with Kevin Mitnick, Susan Headley (a.k.a. Susan
Thunder), Roscoe, & etc as far back as 1980.  Mitnick was bad news back then.
It is unlikely that he will ever reform.  The longer that he remains in the
slammer, the better.

I met him in person.  His acts at that particular conference led to the
establishment of a "canons of conduct" at future conferences which everyone
had to sign as part of registration.

The unfortunate aspect of all of this is that he seems to serve as a role
model for wannabees who hear (highly overhyped) stories of his exploits as
Hacker Against The System without the unsavory details.

Mitnick is not a nice person.  When he gets it into his head that he does not
like somebody, he will relentlessly stalk and harass his victim.  Markoff's
book doesn't begin to tell the story.  Unfortunately, most of us who have
Mitnick stories do not want to call attention to ourselves by telling them.

If the truth were known, he would be recognized as what he is: an unattractive
vindictive individual who takes delight only in hurting others.  He is not a
particularly skilled programmer.  He has one real skill; a Svengali-like
influence over some individuals.  His erstwhile associates weren't bad kids,
but were terribly misled.  All ended up being on the receiving end of
Mitnick's vicious streak; some ended up with criminal records as well.

What I'm trying to get at here is that this isn't just a security issue; it is
also a psychological issue.  It is difficult for some people to understand
that we are dealing with people who do these things for no purpose other than
to be hurtful.  It is important to understand that security is not for admins
to have a power trip (and thus is optional...), but rather to protect all of
us from seriously evil folks.  We are all only as secure as our weakest link.