Information Security News mailing list archives
King of the hackers
From: InfoSec News <isn () C4I ORG>
Date: Fri, 22 Dec 2000 02:40:01 -0600
http://www.upside.com/Opinion/3a4126761.html Upside New England December 21, 2000 12:00 AM PT by Geoffrey James BOSTON -- I met the mysterious Doctor Mudge on the doorstep of Bob Metcalfe's townhouse on Beacon Street in the fashionable Back Bay area of Boston. You've probably heard about Metcalfe -- he invented Ethernet, among other things -- but you might not be as familiar with Mudge, who remains a somewhat mysterious figure. He is, according to some, the king of the hackers, and a man who's managed to parlay that expertise into big bucks from the corporate world. The reason that we were standing on a doorstep was because Mudge was smoking a cigarette, which he held between his third and fourth fingers -- a style that I hadn't seen since I left Los Angeles 12 years earlier. Indeed, Mudge looked like a character from bygone times with his beard and moustache, long hair flowing down past his shoulders -- a younger image of the guys I used to hang with back when I was the junior dude in an OS development group in the late 1970s. The reason we were standing on Bob Metcalfe's particular doorstep was that Metcalfe was hosting a party celebrating Boston's most prominent Internet celebrities. Unlike myself, Mudge was one of the honorees, having won been named No. 40 (out of 40) in the Improper Bostonian, a biweekly magazine that's the arbiter of cool in the Boston area. Under Mudge's arm was an extremely attractive young lady who was dressed in retro-crunchy chic. Searching around for a conversation starter, I asked: "Why did you become a hacker?" He took a long drag on the 'rette, blew a smoke ring and glanced at the girl. "I got into it because of the chicks, man." The chick smiled. In case you're wondering, I'm not making this up. Hacker with a cause If Mudge seemed a little cocky, it's probably because he was just about to close a deal to become the vice president of R&D for @stake, a firm that "builds comprehensive security architectures to minimize the impact of viruses, malicious attacks and other threats." Until then, Mudge had made something of a career out pissing off the high(-tech) and mighty by telling the world how to break into their computer systems. His organization, L0pht Heavy Industries, had a history of poking and prodding at other folks' software, discovering security holes that a more vicious subspecies of hacker might exploit to steal credit-card information, for example. Mudge claims L0pht published technical information on security problems because it discovered software vendors were perfectly willing to leave their customers vulnerable -- even after Mudge informed them of the security flaw. "Without us publishing the information on the Web, the vendors would just bury it," explains Mudge. "And the customers wouldn't even be aware that there was a problem." But forcing big-shot companies like Microsoft (MSFT) to drop everything and fix security holes before Internet villains could exploit them didn't exactly make Mudge into Mr. Popularity. Nor did the Internet-will-change-the-world crowd exactly break into applause when Mudge told Congress the Internet was so fragile that he and his pals could bring the whole thing crashing down in about "half an hour." Hiring credibility To obtain the credibility Mudge needed to make @stake into a real venture, he managed to attract, as chairman of the board, a man named John Rando, who used to be VP of services at Digital Equipment, where "he controlled $6 billion in yearly revenue," says Eric Rocco, vice president at market research firm Dataquest's Lowell-based IT Services group. Rocco adds that Rando is considered "a top-notch industry executive." Rando was known at DEC as the one manager who could get things done inside what was probably the most Byzantine management structure since, well, Byzantium. Still, Rando isn't exactly the kind of guy you'd expect to find hanging out with Mudge and his tattooed and body-pierced crew, any more than you'd expect to find Tony Bennett jamming with Marilyn Manson. Let's face it, for a guy like Rando, a walk on the wild side is taking an afternoon off to play a round of golf. Mudge admits he was a bit uneasy when he met Rando. "A little voice inside me said, 'Suit, uh-oh, suit.'" But Mudge claims Rando understood the L0pht concept very quickly, and Mudge feels confident the relationship will work well. Mudge points out that Rando's enormous industry credibility will prove useful, especially when working through the inevitable relationship problems that occur when one company is in the business of criticizing the work of another. The secret of his true identity Ultimately, Mudge believes security problems are dangerous and need to be fixed and that forming a new company with industry heavyweights is the best way to ensure his "gray-hat" hackers have a positive impact on the world. And, in any case, Mudge is used to dealing with guys in suits. Mudge recently was seen hanging around with Vice President Al Gore, who reportedly joked with Mudge about inventing the Internet. Despite the fact that he's basically gone legit, Mudge keeps his true identity secret. Rumor has it that Mudge, far from being a former MIT lab rat, is actually a student at a "major Boston-based school of music." Mudge doesn't feel that the ersatz anonymity is a publicity ploy because "when you're explaining security ramifications, it's nice to be able to stand up and not worry about companies harassing you." He knows of several instances when employees reporting security problems were squelched by their management at the insistence of the vendors who sold the company the software. There may be another reason Mudge is hanging onto the pseudonym, though. The fact that few know his true identity would give Mudge the ability to slip quietly into the woodwork if, for some reason, he finds that the @stake venture (which is proving to be successful) finally begins to lose his interest. If that happens, who knows? Maybe next time he surfaces, he'll be jamming with Tony Bennett. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- King of the hackers InfoSec News (Dec 22)