l0pht Joins with Others to Form @Stake
ContinuousPark writes "MSNBC has an article by Brock Meeks, reporting the formation of a security company called @Stake with members from L0pht and people from Compaq, Forrester and Cambridge Technology Partners. They already have $10 million to start the whole thing." Check out the recent interview with l0pht heavy industries, as well.
Also, does this mean you won't be setting up a headlines service, entitled nfn@/..com :)
Last, but not least, I'm going to bet you don't live in that town that changed its official name to a web address. :)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It depends. L0pht, as it stands, is probably very trustworthy, reputable and straight-up. But sooner or later, they're going to get fresh blood, and who's to say they'll be playing by the same rules?
Then, other [h|cr]acking groups may try and cash in on this, set up their own "security firms", and rip people off for serious money. Even if/though L0pht has nothing to do with any such stuff, they -will- get tarred by the same brush. That's the way the media, and Joe Bloggs, Inc. work.
Last, but not least, it'll only take L0pht missing -one- security hole, just one, in a high-profile company, and there'll be a national scandal, possibly international. L0pht'll undoubtedly be accused of leaving the hole there for their own "nefarious" purposes and (at best) be sued to oblivion. The worst'll depend on whether the cops or the heavies get there first.
I would never try and dissuade anyone from this kind of venture. It sounds like an extraordinary mix that feels just right for what people need today. What concerns me is that "rightness" might just destroy L0pht and any other "[white|grey]-hat" group. Humanity is notorious for destroying the people it needs, and crushing its heroes.
I'd rather not be reading, this time next year, that those [h|cr]ackers who want to put their skills to good, considerate use are all in maximum security, lynched, or hiding out in the Amazonian rain forest.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Complain to your management or whoever manages the filtering software. L0pht is not a criminal organization (though some of their practices are controversial). They are a legitimate security consulting organization, and they give back to the security community whenever they find vulnerabilities.
If your management doesn't want secure systems, they should continue to filter out those web sites. But I suspect if you let them know the value of the service they provide.
People in general have a tendency to vilify anything they don't understand, especially when it gives people a kind of power they don't have. This is exactly what is going on with the field of computer security. To make matters worse, there is a double standard... Law enforcement and government agencies openly condemn the actions of legitimate hackers, and then turn around and hire them to do their dirty work.
I can see an IPO coming soon in the next few months, (NASDAQ: HACK).
Maybe someone should tell the military about @Stake and save taxpayers millions of dollars? After all, why should Uncle Sam feed, clothe and pay hackers, if they can just sub-contract them like they do everything that doesn't require dying?
Then again, do we really want our firewalls to be made by the lowest bidder?
-- What you do today will cost you a day of your life.
IANAL, but I get the sinking impression that you haven't even figured out what "IANAL" stands for. Of course I could be wrong, as I do misinterpret things, because well... IANAL.
Having read the L0pht comments on Seattle's finest monopoly company, I wonder how MS will view this development. Think about it - while MS endeavour to sell Win2K to enterprises, @Stake, a high-profile REPUTABLE security company is telling them what security actually means, and where the holes are. I regard this development as a Good Thing - it's about time that security got the profile it deserves, and the only way to get that to much of the Corporate world is to set up a corporation to do it. @Stake have it right.
ben_ the technologist and platform agnostic
usually from the [h(cr)]ackers.
I read about this morning in the paper and tried to find it on the web, to post to /., but when I finally found one, it was already posted :(.
Anyway, this is good and bad. The ones that can make the best secured machine are usually the ones that are the best at breaking them. But most crackers have an ego. They will probably always leave a back entrance that is very difficult to find. Now I would trust them enough to analyze a system, and consult on how to make it better, but I don't know if I could trust them to work on the machines themselves. But then again, if they are now a company that relies on trust, then they may keep from doing it. But if this company gets big and starts to hire lots of people the trust may just go down. So, it's a good thing and it's a bad thing.
Funny, my company just got new filtering software and I no longer can look at www.l0pht.com or www.2600.com. They are filtered as "criminal activity" sites. But I used to read these sites to get the information on how to secure my systems better. But at least I can see these sites at home.
Steven Rostedt
-- Nevermind
I have to look on this as a Good Thing, iff it turns out to be what it should be.
:)
There are so many companies out there selling snake-oil security 'solutions' (monoalphabetic encryption anyone?) that people are putting their faith in because they don't know any better, and don't have the time to learn. Plus, when a company the size of Microsoft says 'Oh don't you worry about that, it'd never *really* happen' all too many people will take them at face value.
It's good to have people with some real cracking mileage under their feet doing this because it adds credibility to what they're saying. It doesn't matter if you like them or not, you'll sit up and take notice if the folk who wrote l0phtcrack put their hands up and say "it doesn't look right" when talking about the security of a given product. They've demonstrated that they know what they're talking about, and demonstrated that "that probably doesn't matter" is no way to regard security issues.
One of these days, we may even manage to convince the commercial side of the business that security is a fundamental, and that a robust security facility must inform every other aspect of installing and managing systems, especially on the Internet. But hell, it's easier just us techies aren't doing our jobs properly when someone gets cracked...
(not that I'm talking from sore experience or anything
will we ever see the end of the media/commercial use of the 'sexy internet'(TM) chars? stuff like @,
Well, over at ZDuhNET, they report the company name as "AtStake Inc."
Oh wait, the headline sez they are joining the e-security market. e-yuk.
======
"Rex unto my cleeb, and thou shalt have everlasting blort." - Zorp 3:16
Sacred cows make the best burgers.
Personally, I'd like to see a new keyboard, aimed for the marketing managers, with the "i" and "e" removed, so they can't point to iMacs sold through eCommerce as The Way To Do It. We've seen more than enough lower case prefixes, thank you very much...
I have an old issue (ca. 1990) of Scientific American with an article about how several former members of the Legion of Doom were going to create a computer security consulting company. Reading about the L0pht guys' company reminds me of the LoD guys in a lot of ways, including a trendy picture they had of the LoD guys posing in sunglasses and suits. After the article came out, I recall that they started the company but went out of business a short time later due to a few factors. First, people weren't all that concerned about computer security at the time because it wasn't as obvious of a need in the pre-Internet days. Second, I got the impression that they maybe played around more than they ended up doing productive work.
It will be interesting to see how successful the L0pht guys are. A lot of factors are different now than in the late 1980's. For one thing, people are a lot more aware that there are adversaries out there who want to get into your computers. Also, it seems that the market favors trendy new computer-related companies, a testament to this is the $10mil of startup money they have.
One thing that I haven't seen mentioned anywhere with this discussion is Gene Spafford's (from Purdue) assertion that it is foolhardy to trust hackers with your sensitive information. He equates this to trusting a crook to guard your bank vault. Not sure I totally agree with this, but it will be interesting to see how the world views this.
This strikes me as a "Very Good Thing"(TM). This melding of industry heavyweights with the undeniable genius of L0pht should be able to provide their clients with EXCELLENT security analysis and hopefully companies will finally realize what a secure system really is.
One thing I'm wondering is whether L0pht will be continuing their individual software and hardware projects. Will they be able to keep their IP? Will they still be releasing holes?
Just food for thought.
P.S. I just can't help thinking of Alan Dean Foster's hyperactive otter from the spellsinger series every time I hear the name Mudge (grin)
<This .sig left intentionally blank>
If anyone deserves to be recognized and to make money, in the field that they love, it's the guys from l0pht. They talked at one of the hope(hackers on planet earth conventions) and they convinced me that they are truly concerned with the internet community and the underground.
BTW if you would like to hear what they had to say check the 2600 website. Look for the hope archives.
Environmentalists are their own worst enemy. ~tricklenews.com
Sorry about the number of posts I really like these guys.
Environmentalists are their own worst enemy. ~tricklenews.com
stuff like BSOD, IANAL,LOL and the oh-so-popular ANAL.
i work for @IANAL(no flames please) and even *I* am getting sick of it. hopefully as the net-craze will sweep past the consumer, leaving only painful memories of CAPITALIZED abbreviations and 'IAMAL.com-everywhere'
More race stuff in one place,
than any one place on the net.
will we ever see the end of the media/commercial use of the 'sexy internet'(TM) chars ?
stuff like @, ., /, and the oh-so-popular .com
i work for @home(no flames please) and even *I* am getting sick of it. hopefully as the net-craze will sweep past the consumer, leaving only painful memories of dotted phone numbers and '.com-everywhere'