RE: [fw-wiz] Re: Ethics, morality and the industry

• Previous message: Marcus J. Ranum: "[fw-wiz] Re: Ethics, morality, and mental retardation"
• In reply to: Mark Teicher: "Re: [fw-wiz] Re: Ethics, morality and the industry"
• Next in thread: \: "Re: [fw-wiz] Re: Ethics, morality and the industry"
• Reply: \: "Re: [fw-wiz] Re: Ethics, morality and the industry"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Fri, 29 Oct 2004 17:07:05 -0500

Just curious,

In Mitnick's case, who were the victims that you would pay restitution to?
Not one of the corporations that claimed damages actually reported the
losses in their annual report. Based on that, Scott McNealey should be
sharing a jail cell with Martha Stewart and consequently no one should ever
listen to Mr. McNealey speak again, because after all, if he signed an
annual report that didn't reveal losses the size of what Sun claimed due to
Mitnick copying the source code then, he is a criminal.

The message I got from the original post wasn't whether reformed black hats
are good or bad or can even be reformed but that some people still have a
strong conviction in their own beliefs and are willing to forego $$$ in
exchange for standing behind those beliefs. I think that is a very admirable
trait and something that is quite rare today.

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Mark Teicher
Sent: Friday, October 29, 2004 1:19 PM
To: Paul D. Robertson; Paul Foster
Cc: firewall-wizards@honor.icsalabs.com; jseanor@avaya.com
Subject: Re: [fw-wiz] Re: Ethics, morality and the industry

Actually there is difference between Frank Abigale and Mitnick. After
serving a portion of his time, Frank Abigale went to work in designing
systems that are currently in use today. Mitnick, on the other hand, has
not contributed at that scale to help improve any of the systems he
supposedly broke into it, except to jump start a fledging security industry
in taking an interest in the types of ways Mitnick was successful in
defeating the security systems in place at the time. The Telecommunications
providers have yet to make all the recommended security improvements that
allowed Mitnick to accomplish what he did. Let's take a look at other
people who suffered the same sort of fate. Intel vs Randall Schwartz
(1993), Randal spoke at SANS a while back about his case on "What not to do
as a System Administrator". It was a very good talk, getting back on topic,
having former criminal speak at conference is not a crime, and they should
be rewarded for it, and there should be big statements, like this speaker's
honorium/fee is being collected to pay restitution to their victims.

/m

-----Original Message-----
From: "Paul D. Robertson" <paul@compuwar.net>
Sent: Oct 29, 2004 1:16 PM
To: Paul Foster <Paul.Foster@dmtsystems.net>
Cc: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Re: Ethics, morality and the industry

On Fri, 29 Oct 2004, Paul Foster wrote:

> > To my mind the issue is that he's still *profiting* from his crimes.
> > That doesn't do justice to the victims, nor does it send the right
> > message IMO. Crime should not pay.
>
> How so? He talks about how he would exploit security systems, and
> this is his area of expertise. The guy spent many enjoyable years in
> jail (on his knees?) which does not sound like 'crime pays' to me.

It's also his area of criminality. That's not a good message- there are
*plenty* of good guys who have the same expertise who haven't created
victims who can give out the same information.

It worries me socially that the royal we tend to put these folks on
pedestals when they're nothing more than confidence tricksters who have no
special information or skills.

>
> > I think that the fettering should include profiting from whatever
> > badness the person did- hey, if he was lecturing on IPv6 security,
> > then I don't see as much of an issue.
>
> Perhaps he doesn't know squat about IPv6. If we prevent him from
> legally earning a buck on issues he does know, we could inadvertently
> be encouraging use of those skills illegally.

IMO, society would be better served if we *really* rehabilitated them.
Having them stand up in front of people and proclaim how great they were
when they were doing illegal activities seems to run counter-productive to
that to me.

He doesn't know squat about IPv6 because we're letting him cruise on
notoriety rather than making him go get a real job that doesn't profit from
his criminality. And yes, if he's so bent on doing wrong than on doing the
right thing, then let's let him commit more crime, and lock him up again-
because that means he's not reformed and shouldn't be out of jail.

> > I hope that in the future, CSI chooses its keynote speakers more
> > carefully.
>
> Should we bury our heads in the sand and not learn from people like this?

You can learn all there is to learn without paying them princely sums and
celebrating notoriety. There's both more value in what Howard Schmidt and
Bill Murray say than in what Abignale and Mitnick say, and a better overall
message for the industry and society to send by using them.

Paul
----------------------------------------------------------------------------
-
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Marcus J. Ranum: "[fw-wiz] Re: Ethics, morality, and mental retardation"
• In reply to: Mark Teicher: "Re: [fw-wiz] Re: Ethics, morality and the industry"
• Next in thread: \: "Re: [fw-wiz] Re: Ethics, morality and the industry"
• Reply: \: "Re: [fw-wiz] Re: Ethics, morality and the industry"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Silenced Casualties ... Soldier on soldier violence is all too common and most of ... And a special report generated in 2001 by the Miles ... Military sexual assault victims are subject to chaotic, if any, response ... In a poignant video interview on the Military Times website, Airman ... (alt.true-crime) Re: Gun control and rape - The myths and the facts ... > "Phil Smythe" wrote in a message ... >> respondents admit to being victims." ... You are disingenuous in the extreme and will happily ALTER ... the number of people who report violent victimizations to ... (talk.politics.guns) Something for Flaky to support ... been invited to attend the launch of a major report into collusion. ... Mr McCord, whose son Raymond Jnr was beaten to death by a UVF gang loyal ... "I think that it is important for innocent victims to stand together, ... into my son's murder is published before the end of the year." ... (soc.culture.irish) A piercing, fearful scream... ... A piercing, fearful scream. ... Ser's two other victims have left the flat where they were attacked ... A report by consultant psychiatrist Joshua Kua found that the 20-year- ... (soc.culture.singapore) Re: Two women attacked in separate incidents ... admittedly UNRELATED incidents to report on? ... All that means, Annie, is that the other victims were male, ... Do you seriously believe that there were NO other violent ... I think our society has *always* been numb to violence against men. ... (alt.true-crime)