RE: [fw-wiz] Re: Ethics, morality and the industry

From: Mark Teicher (mht3_at_earthlink.net)
Date: 11/06/04

  • Next message: Jim Seymour: "RE: [fw-wiz] Re: Ethics, morality and the industry"
    To: "Bill Royds" <broyds@rogers.com>
    Date: Sat, 06 Nov 2004 09:33:12 -0700
    
    

    Since this thread has become somewhat de-stabilized anyways, here are some
    additions to Bill Royds' response:

    Most network security companies are moving away from the "Ethical Hacker"
    marketing slant or "We employ former Black-hat hackers or close to it" and
    have focused their marketing efforts on stating they offer Risk Mitigation
    Services.

    I have no idea what Risk Mitigation Services definition is, but what
    immediately comes to mind is "The Orkin Man" commercials, Some guy in a
    white protective suit shows up with big cans of Firewall Spray, Spam-Away
    and Hacker Repellant and sprays around the network jacks, the employee
    cubicles and sprays liberally on network interfaces and cracks in the
    network (credit for Firewall Spray, Spam-Away and Hacket Repellant to MJR)

    I am of a different opinion if your point that the very fact you acquired
    the knowledge to know something more than your management is what made them
    suspicious not that you had the ability to reproduce an exploit or a
    network intrusion. :)

    /cheers

    At 08:45 PM 11/5/2004, Bill Royds wrote:
    > One of the problems that giving such publicity to so many criminal
    > "ex-hackers"
    >is that it makes it much more difficult for honest security practitioners
    >to do
    >our job. I have never hacked into anything other than under the watchful
    >eye of
    >the system owner observing the possible flaws in his/her system while I
    >explained what a buffer overflow is, why default configurations are unsafe
    >etc.
    >But the very fact that I had this ability made me suspect in some people's
    >eyes.
    >Their attitude becomes "You know how computer systems work so you must have
    >learned that by criminal hacking like all those hackers in the news". This is
    >despite a university degree in computer science and 30 years worth of
    >experience
    >in computers. The presence of convicted criminals in the "computer security"
    >field means all members of that field are labelled "hackers" in the pejorative
    >sense, making it much harder to do our job.
    >
    >-----Original Message-----
    >From: firewall-wizards-admin@honor.icsalabs.com
    >[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Christopher
    >Hicks
    >Sent: Tuesday, November 02, 2004 2:21 PM
    >To: Firewall Wizards Mailing List; Adam Shostack
    >Cc: Stephen P. Berry; Paul Foster; Marcus J. Ranum; Paul D. Robertson
    >Subject: Re: [fw-wiz] Re: Ethics, morality and the industry
    >
    >On Tue, 2 Nov 2004, Adam Shostack wrote:
    > > On Mon, Nov 01, 2004 at 08:32:16PM -0800, Stephen P. Berry wrote:
    > > | >My self-deception is that a refresher is always good, especially as I
    > > | >find us practitioners sometimes fall into patterns of thinking.
    > > |
    > > | A quick grep through this thread indicates that Mitnick has been
    > mentioned
    > > | about two dozen times and Shimomura and Markoff have been mentioned
    > exactly
    > > | zero times. Discuss.
    > >
    > > So how many times has Abagnale been mentioned? Any correlation with
    > > the pro- or anti- boycotters to correctly name the speaker in
    > > question?
    >
    >Somebody should get on the stick and put up a survey. I'd love to see
    >what the silent and/or moderated-out majority feel about this sort of
    >thing.
    >
    >This has been one of the more stimulating and thought provoking
    >discussions on any mailing list I've been on recently. Thanks to
    >everybody for keeping it interesting and mostly above the belt.
    >
    >Kudos Paul (and or substitute moderators) for keeping it from getting out
    >of hand.
    >
    >--
    ></chris>
    >
    >There are two ways of constructing a software design. One way is to make
    >it so simple that there are obviously no deficiencies. And the other way
    >is to make it so complicated that there are no obvious deficiencies.
    > -- C.A.R. Hoare
    >_______________________________________________
    >firewall-wizards mailing list
    >firewall-wizards@honor.icsalabs.com
    >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    >_______________________________________________
    >firewall-wizards mailing list
    >firewall-wizards@honor.icsalabs.com
    >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Jim Seymour: "RE: [fw-wiz] Re: Ethics, morality and the industry"

    Relevant Pages

    • Re: SuS "trojan" in XP -- Changes OS and creates "virtual" remote
      ... Network Configuration Operators are added to the DHCP service as well as the DNS client service. ... If I shut my computers off for a few days I get strange calls from foreign people asking for the wrong people that do not live here. ... They bond asynchronous RAS adapter to my local network card or use 6to4, teredo or another way thru VPN like Terminal Services, Imapi or Windows Messaging. ... I think the hacker uses some type of Bluetooth or Infrared hack that can link into my iPhone and somehow use my iPhone to manipulate my laptop. ...
      (microsoft.public.security)
    • Re: Looking for Opinions: NSA Reading Your Emails/Accessing Your Data
      ... The hacker might not be old enough to remember vulnerabilities ... Local network encryption probably doesn't help ... inside the house (the NSA would), but just attacks over the Internet. ... Many ISPs set up connections so that NAT gateways don't ...
      (sci.crypt)
    • Re: OT-How to hack smart meters
      ... warns that hackers can get into the meter via its wireless ... variety of communications devices, to listen in on wireless communications ... with the network and deduce over time how to communicate with the meters. ... him that "a hacker can use syringes to insert a needle into each side ...
      (rec.crafts.metalworking)
    • Hacker Space Fest 2009 CFP: Call For Paper
      ... /tmp/lab announces the second Hacker Space Festival ... historical role as the first official hack meeting there, ... Telecom Core Network Equipment Reverse Engineering: ...
      (Bugtraq)
    • Re: [Algorythm] Read-write on a shared file
      ... > Considering that the hacker can disassemble the code, ... > to remake his own program dealing with the network in his way. ... The master would then propogate the ... Changes to this private data can only ...
      (comp.os.linux.misc)