Firewall Wizards mailing list archives
Re: Re: Ethics, morality and the industry
From: Christopher Hicks <chicks () chicks net>
Date: Sun, 31 Oct 2004 11:49:18 -0500 (EST)
On Sun, 31 Oct 2004, Devdas Bhagat wrote:
On 31/10/04 01:09 -0500, Vin McLellan wrote: <snip>Personally, I think guys like Abagnale and Mitnick reek of self-aggrandizement and cheap thrills, but someone like Randall Schwartz -- who was praised by someone in this thread -- is far more dangerous because of his long campaign to cloak his egregious behavior as an Intel contractor with a patina of remorseless self-righteousness. System admins who go bad worry me more than hackers.
Randall's heart was in the right place even if his brain was MIA. Calling him a sysadmin "gone bad" is just way off. I've seen plenty of "sysadmins gone bad" doing BOFH-ish stuff to the employer that laid them off or wronged them in some other way. Nothing Randall did smelt anything like that according to his account or Intel's. Please refrain from trashing people that have already been trashed too much. Piling on isn't nice.
As I have heard of it, Randall was convicted because he did not have the authorization to run a password cracking program. It was never claimed that he actually broke in, destroyed or accessed confidential data, merely that he ran a program that would have enabled him to do so.
Ya. He did what good sysadmins are supposed to do.
He also did it to point out a known weakness (and that is still the biggest weakness to enforcable security that we have). IIRC, he also ran the crack program after telling management about it, and finding them lax about the issue because it wasn't shown to be sufficiently dangerous.
So he was proactive and did what consultants are usually supposed to do and in most cases encouraged to do: work around the bureaucratic rules of their hiring organization to get things done that organizational momentum and petty politics have otherwise prevented or dragged into a quagmire. For Intel to have taken the attitude they did was just stupid and self-destructive. AMD processors are far better now anyway, so who needs Intel? :)
Seriously. If we're going to boycott somebody to make a moral stand then boycotting organizations that treat people the way Intel treated Randall would seem much more useful than boycotting a conference organizer. Circus organizers are expected put on spectacles and conference organizers are the modern circus. Fortune 100 technology companies should be setting an example of being good corporate citizens. Circus organizers thrive on controversy. It can eat away at the Fortune 100 company in negative ways including driving down the stock price, affecting quarterly results, and generally shaming them into compliance.
-- </chris> There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies. -- C.A.R. Hoare _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Re: Ethics, morality and the industry, (continued)
- Re: Re: Ethics, morality and the industry Marcus J. Ranum (Oct 29)
- Re: Re: Ethics, morality and the industry Marcus J. Ranum (Oct 29)
- Re: Re: Ethics, morality and the industry Paul Foster (Oct 29)
- Re: Re: Ethics, morality and the industry Paul D. Robertson (Oct 29)
- RE: Re: Ethics, morality and the industry Eugene Kuznetsov (Oct 29)
- Re: Re: Ethics, morality and the industry Mark Teicher (Oct 29)
- Re: Re: Ethics, morality and the industry Mark Teicher (Oct 29)
- RE: Re: Ethics, morality and the industry Alan Holmes (Oct 30)
- Re: Re: Ethics, morality and the industry "Vin McLellan" (Oct 31)
- Re: Re: Ethics, morality and the industry Devdas Bhagat (Oct 31)
- Re: Re: Ethics, morality and the industry Christopher Hicks (Oct 31)
- RE: Re: Ethics, morality and the industry Alan Holmes (Oct 30)