Kuro5hin.org: technology and culture, from the trenches

Would you hire a hacker?

By ramses0 in News
Wed Feb 16, 2000 at 04:31:41 PM EST

An article reposted from Bruce Schneier's Cryptogram Newsletter. It questions the wisdom of hiring @stake, the newly formed company populated by former l0pht members.

[editor's note, by rusty] I was puzzled by the connection between the ZDNet article and Cryptogram. The article is listed in the News section of the Feb. 15th CG. Hope that clears things up.


Security (especially internet security) has always fascinated me. From copy protection to nslookup and website hacking, reading about how something that shouldn't be possible was done is really entertaining. Almost like watching a magician do his or her work.

Personally, I'd love to have an honest to goodness hacker crawl through my system and point out and explain vulnerabilities. What would possibly be better is an automated tool to analyze possible attacks, but some guides written by "Rain Forest Puppy" such as how to hack a SQL site or perl and CGI vulnerabilities are just incredible to read. It really brings to a point how insecure most of the internet is.

Would you hire a hacker? | 18 comments (18 topical, editorial, 0 hidden)
Sure. I'd hire them, but I can't af... (none / 0) (#1)
by rusty on Wed Feb 16, 2000 at 04:55:45 PM EST

rusty voted 1 on this story.

Sure. I'd hire them, but I can't afford it. :-)

____
Not the real rusty

Re: Sure. I'd hire them, but I can't af... (none / 0) (#7)
by Inoshiro on Wed Feb 16, 2000 at 10:59:22 PM EST

Heheh... If you want, I could try and root your boxes for free. Of course, if I can get root, I can fix the problems, and send you a nice administrative email ;-)

Of course, I'd only do this if you gave me official signed permission or some such.. and I'd let you know in advance.

The only problem is that a quick check of all open ports and related daemon versions would only be "surface" level, and wouldn't help if you had shell accounts that could see the "other side" of any possible firewalls which might have other insecure things loaded/open.

You'll also want to read the LASG (Linux Admin Security Guide) on seifried.org

--
[ イノシロ ]
[ Parent ]
Anyone who doesn't hire the locksmi... (none / 0) (#3)
by Inoshiro on Wed Feb 16, 2000 at 05:24:33 PM EST

Inoshiro voted 1 on this story.

Anyone who doesn't hire the locksmith to check their locks is a moron. Double for companies that sink or swim based on *cough* NT suckers *cough*. Bruce is obviously off on a tangent because he's afraid of the competition ;-)

--
[ イノシロ ]

Re: Anyone who doesn't hire the locksmi... (none / 0) (#13)
by bmetzler on Thu Feb 17, 2000 at 09:26:55 AM EST

Anyone who doesn't hire the locksmith to check their locks is a moron.

Yes, but would you hire a 3 time convicted felon to check your locks?

-Brent
www.bmetzler.org - it's not just a personal weblog, it's so much more.
[ Parent ]
Re: Anyone who doesn't hire the locksmi... (none / 0) (#15)
by Inoshiro on Thu Feb 17, 2000 at 10:36:29 AM EST

That's the thing, though. The l0pht people have done nothing that has been illegal. They're as illegal as CERT in that they put out advisories, and mention techniques of checking insecure software. They're no more "convicted felons" than a person who makes those keytools that allow you to play with tumblers.

--
[ イノシロ ]
[ Parent ]
Re: Anyone who doesn't hire the locksmi... (none / 0) (#18)
by bmetzler on Thu Feb 17, 2000 at 11:16:35 AM EST

The l0pht people have done nothing that has been illegal.

No, but perception is everything. Simply because people perceive them to be "evil" hackers, they won't want to do business with them. Even though the L0pht is probably the best security resource there is.

-Brent
www.bmetzler.org - it's not just a personal weblog, it's so much more.
[ Parent ]
Re: Anyone who doesn't hire the locksmi... (none / 0) (#16)
by Inoshiro on Thu Feb 17, 2000 at 10:37:07 AM EST

That's the thing, though. The l0pht people have done nothing that has been illegal. They're as illegal as CERT in that they put out advisories, and mention techniques of checking insecure software. They're no more "convicted felons" than a person who makes those keytools that allow you to play with tumblers.

--
[ イノシロ ]
[ Parent ]
Oops, ignore the dupe.. (none / 0) (#17)
by Inoshiro on Thu Feb 17, 2000 at 10:45:33 AM EST

The 'net or kuro5hin.org are being a bit balky, and I thought my original post request lost in cyberspace (hit post, and the browser spun its wheels for a few minutes until I hit stop -- and I'm on cable). Just stopped and hit post again, and found another feature request to make in scoop ;-)

--
[ イノシロ ]
[ Parent ]
Certainly all of us would have diff... (none / 0) (#5)
by Demona on Wed Feb 16, 2000 at 05:38:46 PM EST

Demona voted 1 on this story.

Certainly all of us would have different opinions on whether we would hire a hacker, and they'd all be valid from our own points of view. Good story, with lots of meat for discussion.

Although there is a point about hir... (none / 0) (#2)
by bmetzler on Wed Feb 16, 2000 at 06:04:16 PM EST

bmetzler voted 1 on this story.

Although there is a point about hiring hackers, I disagree. After all, it'd be like anti-virus companies writing viruses to sell their product. Why would you do business with someone who would hurt you? The problem with having hackers evaluate your system is trust. How do you know that they won't "fix" it up for you, er, themselves?

-Brent
www.bmetzler.org - it's not just a personal weblog, it's so much more.

Re: Although there is a point about hir... (none / 0) (#9)
by Paul Dunne on Thu Feb 17, 2000 at 05:20:34 AM EST

I get the impression that most hackers worthy of the name do what they do because they enjoy it. Cliff Stoll's miscreants, who tried to sell secrets to the KGB, were rather an exception. Apart from the mild frisson of being "outside the law", I'm sure most couldn't care less whether they are breaking in to systems during their copious free time, or paid to do the same as a job of work.

Your analogy with anti-virus companies is an unfortunate one. Sure, I've never heard of them deliberately releasing a virus as a means of promoting sales. But they do stir up an awful lot of FUD -- see the Virus Myths Home Page -- which is about as ethical as going the whole hog.
http://dunne.home.dhs.org/
[ Parent ]

Why not? ... (none / 0) (#4)
by Strange Charmed One on Wed Feb 16, 2000 at 07:08:53 PM EST

Strange Charmed One voted 1 on this story.

Why not? Set a thief to catch a thief is an old maxim!
--
Feel the urge to put excessively cute little quotes into your .sig?

JUST SAY NO!

If you or one of your friends is frequently plagued by this tendency, Help IS available- Ask me how.

Duh? (none / 0) (#6)
by Nyarlathotep on Wed Feb 16, 2000 at 10:43:02 PM EST

Only a moron would not hire someone because they had *experience* in the field.

I'm more interested in the long term effects of discouraging kids from hacking (like the FBI is doing). Clearly, they could be pushed to code instead, but the lack of security *experience* could create problems down the road. Anyone think the FBI's policies could decrease the future supply of good admins?

Campus Crusade for Cthulhu -- it found me!
Re: Would you hire a hacker? (none / 0) (#8)
by Paul Dunne on Thu Feb 17, 2000 at 05:10:58 AM EST

The l0pht are well worth hiring. They are smart fellows. End of story. But, someone should definitely hire Rain Forest Puppy, because, to judge from the quality of his investigations, he has way too much time on his hands. Perhaps he should consider a career in the FBI?
http://dunne.home.dhs.org/
Re: Would you hire a hacker? (none / 0) (#10)
by Paul Dunne on Thu Feb 17, 2000 at 05:23:15 AM EST

Well, having now read the article (cough, cough)... what a heap of shite! Anyone fancy writing a "John Taschek" story generator, along the lines of Katzdot?
http://dunne.home.dhs.org/
Re: Would you hire a hacker? (none / 0) (#11)
by Paul Dunne on Thu Feb 17, 2000 at 05:28:41 AM EST

A bit too soon for an article, not sure if it's worthy of an article anyway, but... on the subject of hackers, anyone else notice that geocities appears to be down? No prizes for guessing who owns geocities. Maybe someone out there really doesn't like Yahoo.
http://dunne.home.dhs.org/
Schneier Again (none / 0) (#12)
by Anonymous Hero on Thu Feb 17, 2000 at 06:46:44 AM EST

Schneier has his own information security firm.


Recently, he has been criticising a lot of other security firms.


Go figure.

Re: Schneier Again (none / 0) (#14)
by ramses0 on Thu Feb 17, 2000 at 09:53:57 AM EST

Schneier didn't actually criticize l0pht, just linked to an article which criticized them. Maybe that reasoning wouldn't hold up in court, but it's important to note that he didn't write the article.

--Robert
[ rate all comments , for great justice | sell.com ]
[ Parent ]