Firewall Wizards mailing list archives
Re: Re: Ethics, morality and the industry
From: "Vin McLellan" <vin () theworld com>
Date: Sun, 31 Oct 2004 01:09:32 -0500
It restores my faith in humanity to so often run across a message that is half nonsense and half common sense. Mind you, I'm an optimist, so I tend to see the glass half-full, and sustain my hope that rain and other weathering experience will fill it further in time.
Alan Holmes <alan () tympaniinc com> wrote:
<snip>
Not one of the corporations that claimed damages actually reported the losses in their annual report. Based on that, Scott McNealy should be sharing a jail cell with Martha Stewart and consequently no one should ever listen to Mr. McNealy speak again, because after all, if he signed an annual report that didn't reveal losses the size of what Sun claimed due to Mitnick copying the source code then, he is a criminal.
This is childish nonsense. When there is evidence that some malicious little monster, human or malware, has penetrated a corporate network, talented folk with real jobs are told to ignore their assigned tasks and search for evidence of loss or damage, repair what they can, ameliorate what they must, and build or install new defense lines as needed.
This sort of disaster management entails very real losses: time, money, misdirected energies, and lost opportunities. Where in those annual reports, pray tell, would you like to see McNealy et al tally a dollar estimate for those unproductive and wasteful expenditures, Alan? Where would you tally the loss entailed in the work not done, the sales not made, and ideas unthought?
I recall a lot of unsupported estimates of loss being bandied about when Mitnick was finally snared. As I recall, many of the numbers sounded silly. Whatever the butcher's bill really was, however, I've got to wonder what sort of babe in the woods innocent thinks there is no serious loss involved in network intrusions; malware attacks; stolen software; confidential business and customer data changed or copied; corporate and personal reputations besmirched?
Alan Holmes <alan () tympaniinc com> also wrote:
The message I got from the original post wasn't whether reformed black hats are good or bad or can even be reformed but that some people still have a strong conviction in their own beliefs and are willing to forego $$$ in exchange for standing behind those beliefs. I think that is a very admirable trait and something that is quite rare today.
This, I thought, was nicely put. Professionals in this industry have been learning useful things about ethics from William Hugh Murray for 30-odd years, and the choice he and Howard Schmidt made in this situation was, as this discussion suggests, usefully thought-provoking.
I would add only that such purposeful actions probably also reflect the admirable forbearance of their respective institutional patrons -- since the meager honorariums are not really what pays for the labor of most conference speakers of this caliber.
Murray and Schmidt are, of course, preachers of a sort. For years, both have sought to infuse InfoSec with the principles essential for real professionalism. My own gut sense is that you would have to make such decisions on a case by case basis. In this case, I trust their judgement.
Conference organizers are like publishers: they book whatever will sell. I hope the actions of Bill and Howard will effectively pressure those organizers to bring a more selective criteria to bear on their booking decisions.
Personally, I think guys like Abagnale and Mitnick reek of self-aggrandizement and cheap thrills, but someone like Randall Schwartz -- who was praised by someone in this thread -- is far more dangerous because of his long campaign to cloak his egregious behavior as an Intel contractor with a patina of remorseless self-righteousness. System admins who go bad worry me more than hackers.
Malware authors, the arsonists of cyberspace, are a special case, but I haven't seen anyone yet celebrating their own orgy of destruction on the conference circuit. Of course, without someone like Murray or Schmidt drawing a moral line -- and their peers endorsing their decision -- I suspect we would see them too on a CSI conference program before long.
"Netsky, Blaster, and me: What I did during my summer vacation and why it is all the users/vendors/network's fault that Cyberspace burnt."
Suerte,
_Vin
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards