Firewall Wizards mailing list archives
Re: Re: Ethics, morality and the industry
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 29 Oct 2004 12:37:00 -0400
Paul Foster wrote:
>> IMO. Crime should not pay.

> How so? He talks about how he would exploit security systems, and this is his area of expertise. The guy spent many enjoyable years in jail (on his knees?) which does not sound like 'crime pays' to me.

It cost the taxpayers a hell of a lot of money to put him in jail, and even more to keep him there, and to put him back, etc. Meanwhile, his book is selling well - I can probably get the exact number from my publisher if it matters, but I'm sure he's made a pile off of it. A decent seller like that can net the author between $50,000 and $100,000 or even more. Not bad, considering that the book is basically an extended discussion of how much smarter than the reader (which is true - after all, they paid good money for the book...) Mitnick is. Speakers like Mitnick or Abagnale, depending on their star trajectory, demand between $5,000 and $15,000 (and up - my guess is that when the movie came out, it was a whole lot more...) for a keynote.

And basically, what are these guys selling? Are they selling solutions? No. Are they telling people, "Don't be a convicted criminal like me?" No. Are they telling people, "Here's a problem, and here's why it's hard to solve." Yes. But the bad news is we _already_ know about the problem and we _already_ know it's hard to solve. Getting inside the mind of the criminal is interesting but it's not super helpful. Use your brain for about 20 seconds and you can figure out 95% of social engineering. Do you really need the details about how stupid some of these guys' victims were? Do you really need the yuk-yuks? No; the message these clowns offer is not particularly valuable. If these guys had useful insights, they'd have been making loads of $$ as con$ultants or product builders, solving the problems that they chose, instead, to be part of. Hmmmm... Maybe they're not so smart, after all?

Security practitioners have been around long enough to understand that there are some problems that are pretty much constants: trust, authorization, transitive trust, etc. They're like laws of physics: friction, inertia, etc. You don't see physicists paying lots of money to some rocket scientist who stands up and says, "Nyaa nyaaa nyaa! your bearings STILL have FRICTION!" -- having someone tell security practitioners that complex trust-based systems have authorization problems is about as useful.

But you want to know who's really the idiot? The idiot is the person who plunks down good money for Mitnick's book, or pays a jacked-up conference attendance fee so some ex-con can stand there and say, "you are SO STUPID I can fool you ANY TIME". That's not just stupid - that's "double stupid". And then there's "triple stupid" which is trying to defend and justify the double stupids. :)

mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards