Re: [fw-wiz] Re: Ethics, morality and the industry
From: \ (vin_at_theworld.com)
To: <firstname.lastname@example.org>, <email@example.com> Date: Sun, 31 Oct 2004 01:09:32 -0500
It restores my faith in humanity to so often run across a
message that is half nonsense and half common sense. Mind you,
I'm an optimist, so I tend to see the glass half-full, and sustain my
hope that rain and other weathering experience will fill it further in time.
Alan Holmes <firstname.lastname@example.org> wrote:
> Not one of the corporations that claimed damages actually reported the
> losses in their annual report. Based on that, Scott McNealey should be
> sharing a jail cell with Martha Stewart and consequently no one should
> listen to Mr. McNealey speak again, because after all, if he signed an
> annual report that didn't reveal losses the size of what Sun claimed due
> Mitnick copying the source code then, he is a criminal.
This is childish nonsense. When there is evidence that some malicious
little monster, human or maleware, has penetrated a corporate network,
talented folk with real jobs are told to ignore their assigned tasks and
search for evidence of loss or damage, repair what they can, ameliorate what
they must, and built or install new defense lines as needed.
This sort of disaster managment entails very real losses: time, money,
misdirected energies, and lost opportunities. Where in those annual
reports, pray tell, would you like to see McNealy et al tally a dollar
estimate for those unproductive and wasteful expenditures, Alan? Where
would you tally the loss entailed in the work not done, the sales not made,
and ideas unthought?
I recall a lot of unsupported estimates of loss being bandied about when
Mitnick was finally snared. As I recall, many of the numbers sounded silly.
Whatever the butcher's bill really was, however, I've got to wonder what
sort of babe in the woods innocent thinks there is no serious loss involved
network intrusions; malware attacks; stolen software; confidential business
and customer data changed or copied; corporate and personal reputations
Alan Holmes <email@example.com> also wrote:
> The message I got from the original post wasn't whether reformed black
> are good or bad or can even be reformed but that some people still have a
> strong conviction in their own beliefs and are willing to forego $$$ in
> exchange for standing behind those beliefs. I think that is a very
> trait and something that is quite rare today.
This, I thought was nicely put.
Professionals in this industry have been learning useful things about
ethics from William Hugh Murray for 30-odd years, and the choice he and
Howard Schmidt made in this situation was, as this discussion suggests,
I would add only that such purposeful actions probably also reflect the
admirable forbearance of their respective institutional patrons -- since the
meager honorariums are not really what pays for the labor of most conference
speakers of this caliber.
Murray and Schmidt are, of course, preachers of a sort. For years, both
have sought to infuse InfoSec with the principles essential for real
professionalism. My own gut sense is that you would have to make such
decisions on a case by case basis. In this case, I trust their judgement.
Conference organizers are like publishers: they book whatever will sell.
I hope the actions of Bill and Howard will effectively pressure those
organizers to bring a more selective criteria to bear on their booking
Personally, I think guys like Abagnale and Mitnick reek of
self-aggrandizement and cheap thrills, but someone like Randall Schwartz --
who was praised by someone in this thread -- is far more dangerous because
of his long campaign to cloak his egregious behavior as an Intel contractor
with a patina of remorseless self-righteousness. System admins who go bad
worry me more than hackers.
Malware authors, the arsonists of cyberspace, are a special case, but I
haven't seen anyone yet celebrating their own orgy of distruction on the
conference circuit. Of course, without someone like Murray or Schimdt
drawing a moral line -- and their peers endorsing their decision -- I
suspect we would see them too on a CSI conference program before long.
"Netsky, Blaster, and me: What I did during my summer vacation and why
it is all the users/vendors/network's fault that Cyberspace burnt."
firewall-wizards mailing list