Of hackers and ego
Don Parker, 2007-10-10

The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don’t understand the whole uproar over various issues, such as whether Microsoft Vista is more secure than Linux or Mac. It’s all moot as far as the general population is concerned. But, for those of us who work in the industry, it is just more grist for the mill.

Disagree 2007-10-10
Anonymous
"Personally, I just don't think it was worth it. He would have been far better to have worked with Cisco behind the scenes till whatever exploit he professed to have found was fixed."

So then, Don Parker... Are you saying it's time that we all bend over for the large corporations?

What Michae...

Of hackers and ego 2007-10-11
furiusg
I agree with your thesis 100%. To be able to hack people (not hack them off) as well as a network == l33t....

Of hackers and ego 2007-10-11
HAL
Don, your comments are really on the mark. I would add that you've hit on part of the equation that is starting to matter more and more, the human half of the computer/human interaction. As human actions are shown to matter just as much as defects in systems [code/configs/architecture], protocols of...

Of hackers and ego 2007-10-11
Anonymous
Lynn was not forced out of his job. He quit. He quit because ISS had entered a contract with Cisco. As part of ISS, he analyzed Cisco's IOS, and found a way to execute arbitrary code. He also said that much of his research came from papers in the .cn underground.

He gave Cisco all the details ...

Of hackers and ego 2007-10-11
Anonymous
Regarding what you said about Lynn: If the vendors are going to be babies and complain when someone posts a vuln for their products, they get what they deserve. Personally, I'd rather see a post to FD (or the equivalent) than have some researcher/company/group/etc stockpiling 0day and not telling an...

Of hackers and ego 2007-10-11
Jason Gunnoe
This is a good article. I couldn't agree more. One of the most difficult decisions that I've had to make in my relatively short career in information security was to go from a security geek to a CISO. The latter is very different. It can be compared to changing from being a big fish in a small p...

You misunderstand Lynn's work 2007-10-11
dragonfrog
Michael Lynn did not claim to have found an exploit in IOS. He was quite clear that he was giving his demo using an old, patched exploit, so there should be no reason for anyone to be endangered by his work.

What he was revealing was research (and very good research it was) into IOS shellcode - ...

Of hackers and ego 2007-10-12
Anonymous
>Nothing good came out of this,
Wrong! There was much dramaz on the interwebs and much lulz.

lulz are the reason for everything in security...duh!...

Of hackers and ego 2007-10-12
secure_it_y
Leet will be a leet whatever one might do. The corporate or the business culture rather corrupts his skills.
You cannot do without having a few of them around in the organisation.
The management should have a way to handle these guys, remember you cannot love them, you cannot hate them either.
...

Of hackers and ego 2007-10-12
Anonymous
Regarding the contractor, I do see your point but I do know people who can flip from "corp-speak" to "leet-speak" depending on whom they are talking to. Personally I'm somewhere in the middle, I've been known to use a bit of "leet-speak" talking to fellow testers, but don't use that when speaking t...

skillz. 2007-10-12
batz
One of the most common complaints in tech right now is that the key challenge in the security business is finding people with talent.

However, it's not talented people who are hard to find, but talented professionals. Hacking is an amateur pursuit, which means countless hours dedicated to solving...

Companies Must Patch Issues In A Timely Manner 2007-10-12
Anonymous (1 replies)
If a company refuses to work in a timely manner to patch vulnerabilities identified by researchers that are then revealed to them through responsible disclosure practices, what choice does a researcher have in attempting to force the company to fix the issues that leave national (and in this case wo...

Re: Companies Must Patch Issues In A Timely Manner 2007-10-16
Anonymous
So you're saying that if someone finds a 0day in a product, writes a reliable working exploit for it, and then uses the word 'pwned' to describe what he did, he's no longer a professional? Seems a bit dubious. I'd rather have someone on my team who has a history of finding vulns and coding exploits t...

Of hackers and ego 2007-10-13
Anonymous (1 replies)
There is indeed way too much in the way of ostentatious demonstrations of ego in almost any conflict based security related industry. Because it is in many ways a martial art, we see puerile re-enactments of this in the field of battle and in training areas everywhere.

One experience I had with ...

Re: Of hackers and ego 2007-10-15
Anonymous
It's not as much fun to the rest of us, if you don't tell us who the lamer was... ;p...

Of hackers and ego: Agree (mostly) 2007-10-15
Dr. Neal Krawetz
Don Parker wrote, "you must also possess excellent business savvy and people skills."

I fully agree with this. The biggest problem is that security is a relatively new field. As such, prima donnas get as much face-time as experts with people skills. Moreover, the issue is not just the people findin...

Of hackers and ego 2007-10-16
Anonymous (1 replies)
This article is boring.

"Being smart is a good way to start" ?

You've basically brought about the notion that all of these smart people aren't sociable enough to interact with on average. However, being smart is a good way to start. Confusing.

I think what's obvious here is t...

Re: Of hackers and ego 2007-10-17
Don Parker (1 replies)
Hi anonymous,

Please read my comments inline to yours,

"I'd comment on Michael Lynn and Matasano, but there's too much to type. You clearly don't understand what is going on around you, or fail to dig deep enough at the very least."

A fair comment. Please do fill me in though, I don't prete...

Re: Re: Of hackers and ego 2007-10-18
Anonymous
Don, you're right and I apologize. My final comments were more of an indication as to how my day was going than it was meant to be aimed towards you as a professional.

Some others did comment after me to fill-out details regarding Michael Lynn and Matasano that were spot-on:

- What Lynn...

Of hackers and ego 2007-10-16
IbeUID0
Absolutely agree with the premise, especially your statement "not an ideal situation to have." Ideally, everyone would be able to be placed in front of a client. In the real world, very often highly specialized technical folks of all disciplines need hand holding in dealing with customers. That's...

Of hackers and ego 2007-10-21
The Great Dongle
Yea,
instead of acting like teenagers or reacting in public domains, hackers can make more creative use of ideas and of course do cumulative business....

Of hackers and ego 2007-11-01
Anonymous
I have worked myself out of a job. I did not know I even had a job. Looking at this screen is my sanity. It appears they now have taken that too. I only wonder who is the next me out there right now, romancing the queries and gliding the fingertips ever so emotionally over the keyboard. How is this ...

Of hackers and ego 2007-11-02
Gandalf
My idea is the same as Don's.

There is a difference when handling a security incident, on a personal LAN and brag about it to friends, ....
to a scheduled Security Audit, which is being paid by a corporation and they expect professionals, privacy, and a certain way of presenting things.

T...

Copyright 2009, SecurityFocus