Re: Re: Ethics, morality and the industry

[Christopher Hicks <chicks () chicks net>]

On Sun, 31 Oct 2004, Devdas Bhagat wrote:
> On 31/10/04 01:09 -0500, Vin McLellan wrote:
> <snip>
> >     Personally, I think guys like Abagnale and Mitnick reek of
> > self-aggrandizement and cheap thrills, but someone like Randall Schwartz --
> > who was praised by someone in this thread -- is far more dangerous because
> > of his long campaign to cloak his egregious behavior as an Intel contractor
> > with a patina of remorseless self-righteousness.  System admins who go bad
> > worry me more than hackers.

Randall's heart was in the right place even if his brain was MIA.  Calling 
him a sysadmin "gone bad" is just way off.  I've seen plenty of "sysadmins 
gone bad" doing BOFH-ish stuff to the employer that laid them off or 
wronged them in some other way.  Nothing Randall did smelt anything like 
that according to his account or Intel's.  Please refrain from trashing 
people that have already been trashed too much.  Piling on isn't nice.

> As I have heard of it, Randall was convicted because he did not have the
> authorization to run a password cracking program. It was never claimed
> that he actually broke in, destroyed or accessed confidential data,
> merely that he ran a program that would have enabled him to do so.

Ya.  He did what good sysadmins are supposed to do.

> He also did it to point out a known weakness (and that is still the 
> biggest weakness to enforcable security that we have). IIRC, he also ran 
> the crack program after telling management about it, and finding them 
> lax about the issue because it wasn't shown to be sufficiently 
> dangerous.

So he was proactive and did what consultants are usually supposed to do 
and in most cases encouraged to do: work around the bureaucratic rules of 
their hiring organization to get things done that organizational momentum 
and petty politics have otherwise prevented or dragged into a quagmire. 
For Intel to have taken the attitude they did was just stupid and 
self-destructive.  AMD processors are far better now anyway, so who needs 
Intel?  :)

Seriously.  If we're going to boycott somebody to make a moral stand then 
boycotting organizations that treat people the way Intel treated Randall 
would seem much more useful than boycotting a conference organizer. 
Circus organizers are expected put on spectacles and conference organizers 
are the modern circus.  Fortune 100 technology companies should be setting 
an example of being good corporate citizens.  Circus organizers thrive on 
controversy.  It can eat away at the Fortune 100 company in negative ways 
including driving down the stock price, affecting quarterly results, and 
generally shaming them into compliance.

--
</chris>

There are two ways of constructing a software design. One way is to make
it so simple that there are obviously no deficiencies. And the other way
is to make it so complicated that there are no obvious deficiencies.
 -- C.A.R. Hoare
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards