Ironically the same Kevin Mitnick who declared using default passwords "not hacking" gave a talk at HOPE http://thenexthope.org/ about his adventures avoiding law enforcement in which social engineering played a central role. Is lying to someone on the phone to get a password "hacking?" Maybe, maybe not, but he would have been unable to complete his goals without those crucial soft skills.
Perhaps password guessing and SQLi is "script kiddie stuff" but it makes me think of a "skilled thief" who scales a building and deftly opens a locked window 3 stories up, while a less experienced accomplice tries the back door and finds it unlocked. It's silly to condemn someone for using a simple method if that method is effective.
EDIT: Kevin Mitnick is cool guy, I don't mean to criticize him.
I think social hacking is far harder than trying to find vulnerabilities in a public server. It requires a whole different set of skills -- and I don't view it as being a "soft skill".
Yeah, right. Social Engineering is much easier than gaining access through some 0-day attack you have devised yourself, or even finding some working skiddie method (when dealing with a specific target). For one thing, you don't actually need any actual skill, you just need to be a good liar and have a good story. That's not skills, it's just a sociopathic trait some people are born with.
Perhaps password guessing and SQLi is "script kiddie stuff" but it makes me think of a "skilled thief" who scales a building and deftly opens a locked window 3 stories up, while a less experienced accomplice tries the back door and finds it unlocked. It's silly to condemn someone for using a simple method if that method is effective.
EDIT: Kevin Mitnick is cool guy, I don't mean to criticize him.