Re: [fw-wiz] Re: Ethics, morality and the industry

From: Christopher Hicks (chicks_at_chicks.net)
Date: 10/31/04

  • Next message: Darren Reed: "Re: [fw-wiz] IPv6 and firewall policies?"
    To: Firewall Wizards Mailing List <firewall-wizards@honor.icsalabs.com>
    Date: Sun, 31 Oct 2004 11:49:18 -0500 (EST)
    
    

    On Sun, 31 Oct 2004, Devdas Bhagat wrote:
    > On 31/10/04 01:09 -0500, Vin McLellan wrote:
    > <snip>
    >> Personally, I think guys like Abagnale and Mitnick reek of
    >> self-aggrandizement and cheap thrills, but someone like Randall Schwartz --
    >> who was praised by someone in this thread -- is far more dangerous because
    >> of his long campaign to cloak his egregious behavior as an Intel contractor
    >> with a patina of remorseless self-righteousness. System admins who go bad
    >> worry me more than hackers.

    Randall's heart was in the right place even if his brain was MIA. Calling
    him a sysadmin "gone bad" is just way off. I've seen plenty of "sysadmins
    gone bad" doing BOFH-ish stuff to the employer that laid them off or
    wronged them in some other way. Nothing Randall did smelt anything like
    that according to his account or Intel's. Please refrain from trashing
    people that have already been trashed too much. Piling on isn't nice.

    > As I have heard of it, Randall was convicted because he did not have the
    > authorization to run a password cracking program. It was never claimed
    > that he actually broke in, destroyed or accessed confidential data,
    > merely that he ran a program that would have enabled him to do so.

    Ya. He did what good sysadmins are supposed to do.

    > He also did it to point out a known weakness (and that is still the
    > biggest weakness to enforceable security that we have). IIRC, he also ran
    > the crack program after telling management about it, and finding them
    > lax about the issue because it wasn't shown to be sufficiently
    > dangerous.

    So he was proactive and did what consultants are usually supposed to do
    and in most cases encouraged to do: work around the bureaucratic rules of
    their hiring organization to get things done that organizational momentum
    and petty politics have otherwise prevented or dragged into a quagmire.
    For Intel to have taken the attitude they did was just stupid and
    self-destructive. AMD processors are far better now anyway, so who needs
    Intel? :)

    Seriously. If we're going to boycott somebody to make a moral stand then
    boycotting organizations that treat people the way Intel treated Randall
    would seem much more useful than boycotting a conference organizer.
    Circus organizers are expected to put on spectacles and conference organizers
    are the modern circus. Fortune 100 technology companies should be setting
    an example of being good corporate citizens. Circus organizers thrive on
    controversy. It can eat away at the Fortune 100 company in negative ways
    including driving down the stock price, affecting quarterly results, and
    generally shaming them into compliance.

    -- 
    </chris>
    There are two ways of constructing a software design. One way is to make
    it so simple that there are obviously no deficiencies. And the other way
    is to make it so complicated that there are no obvious deficiencies.
      -- C.A.R. Hoare
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
