Slashdot Mirror
l0pht Joins with Others to Form @Stake
ContinuousPark writes "MSNBC has an article by Brock Meeks, reporting the formation of a security company called @Stake with members from L0pht and people from Compaq, Forrester and Cambridge Technology Partners. They already have $10 millions to start the whole thing. " Check out the recent interview with l0pht heavy industries, as well.
It depends. L0pht, as it stands, is probably very trustworthy, reputable and straight-up. But sooner or later, they're going to get fresh blood, and who's to say they'll be playing by the same rules?
Then, other [h|cr]acking groups may try and cash in on this, set up their own "security firms", and rip people off for serious money. Even if/though L0pht has nothing to do with any such stuff, they -will- get tarred by the same brush. That's the way the media, and Joe Bloggs, Inc. work.
Last, but not least, it'll only take L0pht missing -one- security hole, just one, in a high-profle company, and there'll be a national scandal, possibly international. L0pht'll undoubtably be accused of leaving the hole there for their own "nefarious" purposes and (at best) be sued to oblivion. The worst'll depend on whether the cops or the heavies get there first.
I would never try and disuade anyone from this kind of venture. It sounds like an extrodinary mix that feels just right for what people need today. What concerns me is that "rightness" might just destroy L0pht and any other "[white|grey]-hat" group. Humanity is notorious for destroying the people it needs, and crushing it's heros.
I'd rather not be reading, this time next year, that those [h|cr]ackers who want to put their skills to good, considerate use are all in maximum security, lynched, or hiding out in the Amazonian rain forest.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I can see an IPO coming soon in the next few months, (NASDAQ: HACK).
Having read the L0pht comments on Seattle's finest monopoly company, I wonder how MS will view this development. Think about it - while MS endeavour to sell Win2K to enterprises, @Stake, a high-profile REPUTABLE security company is telling them what security actually means, and where the holes are. I regard this development as a Good Thing - it's about time that security got the profile it deserves, and the only way to get that to much of the Corporate world is to set up a corporation to do it. @Stake have it right.
ben_ the technologist and platform agnostic
I have to look on this as a Good Thing, iff it turns out to be what it should be.
:)
There are so many companies out there selling snake-oil security 'solutions' (monoalphabetic encryption anyone?) that people are putting their faith in because they don't know any better, and don't have the time to learn. Plus, when a company the size of Microsoft says 'Oh don't you worry about that, it'd never *really* happen' all too many people will take them at face value.
It's good to have people with some real cracking mileage under their feet doing this because it ads credibility to what they're saying. It doesn't matter if you like them or not, you'll sit up and take notice if the folk who wrote l0phtcrack put their hands up and say "it doesn't look right" when talking about the security of a given product. They've demonstrated that they know what they're talking about, and demonstrated that "that probably doesn't matter" is no way to regard security issues.
One of these days, we may even manage to convince the commercial side of the business that security is a fundamental, and that a robust security facility must inform every other aspect of installing and managing systems, especially on the Internet. But hell, it's easier just us techies aren't doing our jobs properly when someone gets cracked...
(not that I'm talking from sore experience or anything