Re: [fw-wiz] Re: Ethics, morality and the industry

From: vin_at_theworld.com
Date: 10/31/04

    To: <alan@tympaniinc.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Sun, 31 Oct 2004 01:09:32 -0500
    
    

        It restores my faith in humanity to so often run across a
    message that is half nonsense and half common sense. Mind you,
    I'm an optimist, so I tend to see the glass half-full, and sustain my
    hope that rain and other weathering experience will fill it further in time.

        Alan Holmes <alan@tympaniinc.com> wrote:

    <snip>
    > Not one of the corporations that claimed damages actually reported the
    > losses in their annual report. Based on that, Scott McNealy should be
    > sharing a jail cell with Martha Stewart and consequently no one should
    > ever listen to Mr. McNealy speak again, because after all, if he signed
    > an annual report that didn't reveal losses the size of what Sun claimed
    > due to Mitnick copying the source code then, he is a criminal.

        This is childish nonsense. When there is evidence that some malicious
    little monster, human or malware, has penetrated a corporate network,
    talented folk with real jobs are told to ignore their assigned tasks and
    search for evidence of loss or damage, repair what they can, ameliorate what
    they must, and build or install new defense lines as needed.

        This sort of disaster management entails very real losses: time, money,
    misdirected energies, and lost opportunities. Where in those annual
    reports, pray tell, would you like to see McNealy et al tally a dollar
    estimate for those unproductive and wasteful expenditures, Alan? Where
    would you tally the loss entailed in the work not done, the sales not made,
    and ideas unthought?

        I recall a lot of unsupported estimates of loss being bandied about when
    Mitnick was finally snared. As I recall, many of the numbers sounded silly.
    Whatever the butcher's bill really was, however, I've got to wonder what
    sort of babe in the woods innocent thinks there is no serious loss involved
    in network intrusions; malware attacks; stolen software; confidential business
    and customer data changed or copied; corporate and personal reputations
    besmirched?

        Alan Holmes <alan@tympaniinc.com> also wrote:

    > The message I got from the original post wasn't whether reformed black
    > hats are good or bad or can even be reformed but that some people still
    > have a strong conviction in their own beliefs and are willing to forego
    > $$$ in exchange for standing behind those beliefs. I think that is a very
    > admirable trait and something that is quite rare today.

        This, I thought was nicely put.

        Professionals in this industry have been learning useful things about
    ethics from William Hugh Murray for 30-odd years, and the choice he and
    Howard Schmidt made in this situation was, as this discussion suggests,
    usefully thought-provoking.

        I would add only that such purposeful actions probably also reflect the
    admirable forbearance of their respective institutional patrons -- since the
    meager honorariums are not really what pays for the labor of most conference
    speakers of this caliber.

        Murray and Schmidt are, of course, preachers of a sort. For years, both
    have sought to infuse InfoSec with the principles essential for real
    professionalism. My own gut sense is that you would have to make such
    decisions on a case by case basis. In this case, I trust their judgement.

        Conference organizers are like publishers: they book whatever will sell.
    I hope the actions of Bill and Howard will effectively pressure those
    organizers to bring more selective criteria to bear on their booking
    decisions.

        Personally, I think guys like Abagnale and Mitnick reek of
    self-aggrandizement and cheap thrills, but someone like Randal Schwartz --
    who was praised by someone in this thread -- is far more dangerous because
    of his long campaign to cloak his egregious behavior as an Intel contractor
    with a patina of remorseless self-righteousness. System admins who go bad
    worry me more than hackers.

        Malware authors, the arsonists of cyberspace, are a special case, but I
    haven't seen anyone yet celebrating their own orgy of destruction on the
    conference circuit. Of course, without someone like Murray or Schmidt
    drawing a moral line -- and their peers endorsing their decision -- I
    suspect we would see them too on a CSI conference program before long.

        "Netsky, Blaster, and me: What I did during my summer vacation and why
    it is all the users/vendors/network's fault that Cyberspace burnt."

    Suerte,
          _Vin
