Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Will the real hacker please stand up and raise their hand
From: "Arian J. Evans" <arian.evans () anachronic com>
Date: Fri, 14 Jul 2006 12:29:23 -0500

I'm sorry, there's good & bad people out there, and I've worked
for the bad kinds of folks Terry described, and while I could
fill pages with sadly amusing anecdotes: that's life.

There's also good folks out there to work for/with, and you
simply have to look a little harder to find them.

Yes, shameless self-promotion and over-committal BS wins most
of the time; you should hear my friends in the pharmaceutical
industry rant about this *same* subject. Except, they have
a heck of a lot more Riding on their management's mistakes
than an unfixed XSS or CSRF.

Nothing unique about our industry vs. say accounting, except
maybe about 600 years of formalized practice.

I've gotten to sit beside PHD's who talk all day about network
security concepts, but cannot run a sniffer to save their life,
and I've worked with folks who would pick the PHD over the
experienced professional to run the sniffer every time. </shrug>

So if it bugs you, go get a PHD and be both.

Mark: I am curious though, I'm headed to BlackHat next month,
and who is it that you recommend I should be trying to meet?

Arian J. Evans
+1.913.378.3571 [mobile]

"See? That was nothing.
But that's how it always begins.
Very small." -Egg Shen


-----Original Message-----
From: Mark Teicher [mailto:mht3 () earthlink net] 
Sent: Thursday, July 13, 2006 3:36 PM
To: Terry; pen-test () securityfocus com
Subject: RE: Will the real hacker please stand up and raise their hand

But why one doubt a Ph.D. (CISSP, IAM, CCNP, CCDA, CCNA, ACE, 
CCSA, CCSE, and MCSE) who gained access to a database at 
Roswell in the early 90's  Almost like a person who spent 
over 10 years with the Federal Government perfecting the 
skills which enable him to be called "one of the first 
CYBERSPACE private investigators". 

Makes you want to attend BlackHat and actually meet and greet 
a real bonafide grey/black hat hacker. :)

-----Original Message-----
From: Terry <tvernon24 () comcast net>
Sent: Jul 13, 2006 3:56 PM
To: 'Mark Teicher' <mht3 () earthlink net>, pen-test () securityfocus com
Subject: RE: Will the real hacker please stand up and raise 
their hand


Just recently, I worked at a company whose main client was 
the DoD. When I
was being scouted I heard many promises and things that 
peaked the interest
of an ex-mischief maker. When I got the job I soon realized 
that the man
running the show was a huge fraud who claimed many accolades 
above my own.
Everything he said about his technical past was a lie and to 
make things
worse, whenever he talked about me openly he hyped me up to 
be something I'm
not from my past reputation. In the end he stopped 
pretending to be my ally
and I got railroaded but it didn't come without a price to 
them. When I
think about the whole mess now all I see is how shameless 
self promotion and
lies can get you anywhere, even a contract with the upper 
rungs of our
government. Today I surely think the agents in which were 
involved have
smartened up to this pretend company.

My example here is I've made myself a bad name being your 
typical black hat.
When I turn it all around into a useful thing for society 
nobody wants to
hire me except liars and frauds. The things many of us on 
this list know can
save a company millions, the sad part is we get picked up by bullshit
artists that cheapen the art in which we're skilled. I am 
saddened when I
think about all the huge liars and morons that put "Network Security
Engineer" on their business card. Most people who look at my 
resume aren't
qualified enough to read it, so I get overlooked because of 
their ignorance
in my field and they pick based on who went to the best 
school. I'm probably
not alone in this plight.

/end rant
/dance

-Terry

-----Original Message-----
From: Mark Teicher [mailto:mht3 () earthlink net] 
Sent: Thursday, July 13, 2006 7:23 AM
To: pen-test () securityfocus com
Subject: Will the real hacker please stand up and raise their hand

Every once in a while, I read a story on the Internet, that 
just doesn't add
up, as listed below, it appears most organization, 
enterprise type companies
have policies preventing the hiring of known or identified 
computer security
type people, other companies hire them openly or make up 
some impressive
press statements stating they have hired one with rootfu or 
some sort of
skillz, whatever they might be..

You be the judge after the reading the attached article.. 

-------- Original Message --------
Subject: [ISN] Hackers and Employment
Date: Thu, 13 Jul 2006 03:15:11 -0500 (CDT)
From: InfoSec News <alerts () infosecnews org>
Organization: InfoSec News - http://www.infosecnews.org/
To: isn () infosecnews org

http://www.line56.com/articles/default.asp?ArticleID=7766

By Demir Barlas
Line56
July 12, 2006

The reason many of us who grew up outside America found this country
charming and worthy of emulation was its principles, at 
least as projected
on the movie screen. You can argue about their politics, but the
characters portrayed by John Wayne, for instance, operated 
according to a
fixed code of ethics. They stood for what they considered right; they
never cheapened or sold themselves; and they lived (and died) with
integrity.

I encountered this America before I actually came here.

Perhaps this is why it is so easy for me to see what 
native-born Americans
cannot understand about that their own country: that it is 
rapidly falling
into decadence. When I say this, I'm not referring to some declining
standard of collective religious morality, but rather to personal
morality. All too many Americans stand ready to pimp 
themselves, and the
system is now designed to reward rather than discourage 
them. This is an
arrangement that the rest of the world rightly considers 
hypocritical and,
despite all talk of globalism, will never emulate.

Let me give an example. I recently got an e-mail from Avaya, 
one of whose
employees, Tom Porter, was leading a security team at the 
World Cup. The
e-mail proudly advertises Porter as a "a former hacker [who] 
got into the
U.S. government database on Roswell in the early 90s." Now 
he has been
able to have a highly visible and well-paying job as chief 
of Internet
security for FIFA and Avaya.

As soon as I got this e-mail, I recalled the case of Frank 
Abagnale, Jr.,
the fraudster whose life was made into the movie Catch Me If You Can.

And, I admit, I got angry. I want to tell you why.

Some of my friends in the ninth grade were aspiring computer 
hackers. I
suppose it was a natural impulse for a bunch of intelligent 
boys cooped up
in an otherwise boring programming class. We tried a few 
exploits but, in
the end, got caught. We were never that good in the first place, not
because we lacked intelligence but because, I am convinced, 
of the ethos
that had survived into Denver even into the 1980s. The ethos 
told us that
hacking was bad. We couldn't shrug this off our conscience, and so
conducted our exploits rather half-heartedly.

I've kept up with many of my classmates over the years. 
There is, in the
group with which I am familiar, no one who has committed a 
felony, gone to
jail, or refused to pay taxes. Everyone has walked the line. And our
reward? Most of us struggle along at meaningless 
occupations, trying to
make ends meet -- punished, I maintain, by our consciences.

For America no longer rewards conscience. If you kill 
someone, you will be
offered a book deal. If you impersonate a doctor and nearly cause the
death of a baby [like Abagnale], someone will make a comedic 
movie about
you. If you become a hacker and endanger our government, you 
will become a
consultant. If you sink a company, you will find a high 
position in that
very government. Only competence at criminality and 
self-promotion are
rewarded. The more vicious, heartless, and inept you are, the further
you'll go.

If you want to talk about anti-Americanism, you can't find a better
example. The culture of merit, sincerity, and principle that 
once animated
this country is gone, and that impacts everyone from left to right.

Have you seen The Man Who Shot Liberty Valance? John Wayne's 
character
refuses to take the credit for an act that would, in that 
day and age,
have made him famous. His principles dictate that he cannot engage in
self-promotion, which he leaves to Jimmy Stewart's character. Stewart
becomes a senator and marries a woman with whom Wayne was in 
love; Wayne
retires from public life and dies alone.

Oh, but today! After shooting Valance, Wayne would have 
gotten a publicity
agent, launched a blog, and gone on talk shows. He would 
have done the
lecture circuit, opened a consultancy on how to shoot 
outlaws, and sold
his "life rights" to a Hollywood studio.

I'm sorry to say it, but I hate what you might call the 
post-Wayne America
(and I say this despite having radically different politics 
from Wayne
himself). It's an upside-down country in which criminals become
celebrities while good, hard-working people struggle along 
on dollars a
day. There is no longer any act divorced from its promotion. The only
principle is to gather as much money and fame as possible, 
prostituting
yourself all the way, until you die.

I do not feel that a country can long endure such principles 
or such acts
of decadence. They constitute a kind of rot that will, some day, turn
America into the equivalent of the moribund, cynical 
countries of Western
Europe. Moreover, they are a gleeful betrayal of every 
principle on which
this country stood for the first two centuries of its existence.

I suppose this article will be met by incomprehension from 
people who have
absorbed their values from the post-Wayne moment in American 
history. As a
historian, I am a professional pessimist, but I can't help 
but feel that
these very people are only the tip of the iceberg; that, as 
in the movie
15 Minutes (or, more apocalyptically, Death Race 2000), 
crime will pay
even more than it does today.

It is worth concluding with a passage from Henry Miller's The
Air-Conditioned Nightmare, which captures the spirit of the changed
America to which I allude:

As to whether I have been deceived, disillusioned...The 
answer is yes, I
suppose. I had the misfortune to be nourished by the dreams 
and visions of
great Americans. Some other breed of man has won out. The 
world which is
in the making fills me with dread....It is a world cluttered 
with useless
objects which men and women, in order to be exploited and 
degraded, are
taught to regard as useful....Whatever does not lend itself to being
bought and sold...is debarred. In this world the poet is 
anathema, the
thinker a fool, and the man of vision a criminal.

Copyright 2000-2006 Line56.com


_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com


-------------------------------------------------------------
---------------
--
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to 
win the Analyst's 
Choice Award from eWeek. As attacks through web applications 
continue to
rise, 
you need to proactively protect your applications from 
hackers. Cenzic has
the 
most comprehensive solutions to meet your application 
security penetration 
testing and vulnerability management needs. You have an 
option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a 
managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you 
to confirm your 
results from other product. Contact us at request () cenzic com 
for details.
-------------------------------------------------------------
---------------
--




--------------------------------------------------------------
----------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win 
the Analyst's 
Choice Award from eWeek. As attacks through web applications 
continue to rise, 
you need to proactively protect your applications from 
hackers. Cenzic has the 
most comprehensive solutions to meet your application 
security penetration 
testing and vulnerability management needs. You have an 
option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed 
service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to 
confirm your 
results from other product. Contact us at request () cenzic com 
for details.
--------------------------------------------------------------
----------------


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault