Full Disclosure mailing list archives
Re: Security Industry Under Scrutiny #4
From: ratel <ratel () mailvault com>
Date: Wed, 22 Jan 2003 23:44:12 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----

On 22-Jan-2003 19:07:25 -0500, you wrote:

> You have a clear point here. Knowing the enemy is essential.
> Knowing yourself first is the real challenge.
> But looking at it statistically, there are a lot of criminally inclined
> people, but only very few spies. People in intelligence are usually very
> dedicated but dull professionals, and would hardly qualify for this
> definition of spies.

You want to know the reason so many people in the intelligence community today are plodding rule-followers who lack the imaginative spark essential for good analysis? All that Hoover-era Boy Scout BS in the Clearance Adjudication Manual constantly weeds out all but the very sharpest bastards who know how to beat the system at its own game. Darwinian selection. They "profile-out" the very people psychologically suited to catching anyone they really need to be worried about.

> Maybe the people disappointed in intelligence work become hackers - nah,
> just kidding. These narcissistic, paranoid, antisocial etc,
> people do exist, but I doubt if there are many.

The Darwinian paradox again. Face it, Robert Hanssen's tradecraft sucked. If the people around him had been a little MORE paranoid, narcissistic and antisocial, the game would have been up for him a long, long time ago. There's a classic picture online somewhere of a "department group photo" which about says it all: everyone around him looks dumb, sleepy, complacent and pleased as punch, he's the only one in the whole goddamn picture with half a spark of life in his eyes. If we insist that only "normal, trustworthy" people are allowed to protect us, is it any wonder the wolves on all sides of the law have a field day? We must be getting the security we deserve. Disgusting, really.

> Hence, the discussion about blackhats and whitehats cannot be that
> important. It does prove that in the IT security business we are
> narcissistic and paranoid - just looking at our own small world,
> getting status by pointing out the risks to anyone listening, seeing
> dangers under the bed.

Yep. Speaking of malicious blackhats to worry about, I once heard a genuinely technically talented blackhat-turned-government researcher justify himself (after the obligatory "how COULD you!?") as he said with a shrug: "The government is going to steal my work anyway, why shouldn't they pay for it too?" Absolutely chilling logic, isn't it. The old Faustian bargain. His record is clean, who's going to stop him? So in the next great "crackdown" as thousands of blackhat/whitehat small-time losers get spied on, set up, jail sentences or worse, this bastard will be sitting pretty, far above it all, on his nice little government grant. Doing absolutely whatever he wants on his own time. Maybe not with an excessively large salary, but he'll be doing fine. People like this are the real threat. If the industry quit drumming up business by releasing exploits for stupid people--and causing enormous amounts of damage in the meantime--everyone might be able to concentrate on larger threats which are infinitely more important.

> I think the scrutiny should be: why doesn't the industry go for the real
> issues in information security.

Because in the main they're a bunch of hypocritical, sleazy two-bit con-artists who'd prefer to get rich selling derivative snake oil (rather than doing something original and productive) to business consumers who'd rather throw money at the problem and have a tidy "security solution" handed to them on a silver platter than educate their users on how to take responsibility for themselves? Maybe? Just a hunch.

Ratel.

-----BEGIN PGP SIGNATURE-----
Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com

iQA/AwUAPi9y3+YNtyh3zif9EQJNhQCfTWfAlnYBCb46x5Fr2w1cMoXfQtMAnRC/
rPO9oe5z9GFwsfCLxWqgRwgc
=Wm3h
-----END PGP SIGNATURE-----