Firewall Wizards mailing list archives
RE: Re: Ethics, morality and the industry
From: Mark Teicher <mht3 () earthlink net>
Date: Sat, 06 Nov 2004 09:33:12 -0700
Since this thread has become somewhat de-stabilized anyways, here are some additions to Bill Royds' response:
Most network security companies are moving away from the "Ethical Hacker" marketing slant or "We employ former Black-hat hackers or close to it" and have focused their marketing efforts on stating they offer Risk Mitigation Services.
I have no idea what Risk Mitigation Services definition is, but what immediately comes to mind is "The Orkin Man" commercials, Some guy in a white protective suit shows up with big cans of Firewall Spray, Spam-Away and Hacker Repellant and sprays around the network jacks, the employee cubicles and sprays liberally on network interfaces and cracks in the network (credit for Firewall Spray, Spam-Away and Hacket Repellant to MJR)
I am of a different opinion if your point that the very fact you acquired the knowledge to know something more than your management is what made them suspicious not that you had the ability to reproduce an exploit or a network intrusion. :)
/cheers At 08:45 PM 11/5/2004, Bill Royds wrote:
One of the problems that giving such publicity to so many criminal "ex-hackers" is that it makes it much more difficult for honest security practitioners to do our job. I have never hacked into anything other than under the watchful eye ofthe system owner observing the possible flaws in his/her system while Iexplained what a buffer overflow is, why default configurations are unsafe etc. But the very fact that I had this ability made me suspect in some people's eyes.Their attitude becomes "You know how computer systems work so you must have learned that by criminal hacking like all those hackers in the news". This isdespite a university degree in computer science and 30 years worth of experiencein computers. The presence of convicted criminals in the "computer security" field means all members of that field are labelled "hackers" in the pejorative sense, making it much harder to do our job. -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Christopher Hicks Sent: Tuesday, November 02, 2004 2:21 PM To: Firewall Wizards Mailing List; Adam Shostack Cc: Stephen P. Berry; Paul Foster; Marcus J. Ranum; Paul D. Robertson Subject: Re: [fw-wiz] Re: Ethics, morality and the industry On Tue, 2 Nov 2004, Adam Shostack wrote: > On Mon, Nov 01, 2004 at 08:32:16PM -0800, Stephen P. Berry wrote: > | >My self-deception is that a refresher is always good, especially as I > | >find us practitioners sometimes fall into patterns of thinking. > |> | A quick grep through this thread indicates that Mitnick has been mentioned > | about two dozen times and Shimomura and Markoff have been mentioned exactly> | zero times. Discuss. > > So how many times has Abagnale been mentioned? Any correlation with > the pro- or anti- boycotters to correctly name the speaker in > question? Somebody should get on the stick and put up a survey. I'd love to see what the silent and/or moderated-out majority feel about this sort of thing. This has been one of the more stimulating and thought provoking discussions on any mailing list I've been on recently. Thanks to everybody for keeping it interesting and mostly above the belt. Kudos Paul (and or substitute moderators) for keeping it from getting out of hand. -- </chris> There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies. -- C.A.R. Hoare _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Re: Ethics, morality and the industry Stephen P. Berry (Nov 02)
- Re: Re: Ethics, morality and the industry Paul D. Robertson (Nov 02)
- Re: Re: Ethics, morality and the industry Adam Shostack (Nov 02)
- Re: Re: Ethics, morality and the industry Christopher Hicks (Nov 04)
- RE: Re: Ethics, morality and the industry Bill Royds (Nov 07)
- RE: Re: Ethics, morality and the industry Mark Teicher (Nov 07)
- Hacker Repellant - was RE: Re: Ethics, morality and the industry Marcus J. Ranum (Nov 08)
- RE: Re: Ethics, morality and the industry Jim Seymour (Nov 07)
- RE: Re: Ethics, morality and the industry David Lang (Nov 08)
- RE: Re: Ethics, morality and the industry Steffen Kluge (Nov 08)
- Re: Re: Ethics, morality and the industry ArkanoiD (Nov 12)
- Re: Re: Ethics, morality and the industry Christopher Hicks (Nov 04)
- <Possible follow-ups>
- Re: Ethics, morality and the industry Margles (Nov 04)
- RE: Re: Ethics, morality and the industry Melson, Paul (Nov 10)
- Re: Re: Ethics, morality and the industry ArkanoiD (Nov 12)
- Re[2]: Re: Ethics, morality and the industry gmx (Nov 13)
- Re[2]: Re: Ethics, morality and the industry Paul D. Robertson (Nov 13)
- Re[2]: Re: Ethics, morality and the industry gmx (Nov 13)