Should You Hire a Hacker?
fabioj writes "Business Week has an article about today's debate at the RSA Security Conference held at the Moscone Center attended by Kevin Mitnick and his 1995 trial prosecutor, Christopher Painter. Interesting to note that Painter doesn't see Kevin Mitnick's experiences as a deterrent for the 'up-and-coming technology workforce' to criminally hack."
I can see Kevin's point: People do change and have the ability to 'grow up' beyond their previous transgressions..
However, he's not just a hacker, he's a felon. Big difference.
"Anybody who tells me I can't use a program because it's not open source, go suck on rms. I'm not interested." (LT 2004)
So why is Poindexter running Total Information Awareness?
It takes one to know one.
It certainly depends on the circumstances.
What ever happened to "rehabilitation"... I guess some people just can't forgive.
- colin
He's not a criminal any more, he's a member of society just like the rest of us.
Mr. Painter seems to be...painting...anyone who has ever committed a crime as a lifelong criminal. Good work rejecting the entire philosophical foundation of our criminal justice system, dipshit.
When Mitnick brings on the nuclear war, whose house does this prosecutor chump expect those bombs to be aimed at?
Won't somebody think of Painter's children!
well it's kind of hard to learn the ins and outs of security systems when it's illegal to even run them these days, let alone legitly research their innards.
yay for spelling
If someone will employ you, then you're trusted. You just have to prove yourself to them
You know the rest.
Although it certainly matter what your former profession might be, as long as you can do your job (of network security, I mean). OTOH, it seems like the best methods of foiling spies and hackers is to think like one, and the best way to think like one, is to, well BE one.
Interestingly, I wonder exactly who the U.S. has employed in its counterterrorist operations.
So the question boils down to morality. And that's not so easily defined. IANAH, but I suppose one of the better methods would be double-blind security; one ex-hacker to design the system, one ex-hacker to try and defeat it, and never the twain shall meet.
I actually kinda agree with both of them. A criminal isn't one to be trusted depending on why they were in jail for, but on the other hand, one who has the knowledge, a hacker in this story, could be very useful. A hacker knows how to get around things, and if at first they can't, they work at getting their goal. They have experience. Now Painter might say that's why you should hire a security professional. Yet who would you rather have, some nerdy kid fresh out of college? Or would you rather have someone who knows what's out there, has experience with the programs that you will be using? And quite frankly could do better security audits than the nerdy college kid? No offence to anyone in college for this, nerdy just seemed like a good way to state my point even though the majority of the people in the field aren't that way at all. Heh. Well, just my 2bits, peace.
as a company's employee - maybe as an expert. AFAIK he was a genius at using tools, but I don't remember him creating any of them. Maybe I'm mistaken? That brings another question: if somebody creates a tool and somebody else uses it, who is the bad guy? Recent stories (like the one of DeCSS and the one about RIAA suing students) show that people start to go after those that make tools. Shouldn't we start prosecuting gun, hammer, ax, and car manufacturers?
iThink iHate iMod
Most caught crackers are going to bring special, outdated skills to the job.
Obviously, Kevin's skills lie in the security sector. Isn't it just being logical that he would seek a security related job? What else could he do, flip fries?
Companies should be allowed to hire anyone they want, whether they have a criminal conviction or not.
What's the problem?
If I seem short sighted, it is because I stand on the shoulders of midgets
They're called crackers.
Mitnick sounds like little more than a self-promoter to me.
If you are forever a criminal, for committing a trespass against your fellow person, then what does that make Australia?
Seriously, brothers of slashdot, we are all forgivable. Whatever trespass is committed against you, forgive that person. As for Mr. Mitnick, he did not trespass against the United States corporation. Mr. Mitnick is being held by a foul corporation that treats everyone as a criminal to be governed; unforgivable.
The United States is a very immoral Church. They can't be forgiven for any such deeds, because they are maintaining a state of war against Civilians (the Republic). In my Church, I have learned to do unto others as I would do unto myself, as well as whatever vile act committed against me with malice should be dealt equally in return. Personally, many people have stolen stuff from me, and I have forgiven many because I do not have faith in paper money. As an institution of my father in heaven, Ihova, it is my duty to administer those laws unto myself and teach any willing person about those laws.
Jesus Christ has taught me well. If Mr. Mitnick committed a trespass against me, I would welcome him openly to be my friend and work together for a better (especially more secure) computing world. Mr. Mitnick, unknowingly, has followed in the feet of Jesus Christ. Back in Jesus' day, he kicked all of the vile marketers out of the worship-place of his father. In being accountable for his actions, he rebuilt the market in three days without, without hands! I'm not saying Mr. Mitnick will rebuild what he broke in three days. Mr. Mitnick didn't break anything, he acted within the allowed premise of the software. If an SQL server, http server, or Microsoft Networking server gives you unrestricted access in no matter what circumstances, then it is honest to say that you are authenticated to access the data.
Mr. Mitnick broke nothing. Jesus knows it and I know it. Mr. Mitnick has been incriminated by ignorant, foul, hateful, and illegitimate government. If anything, those that claim he committed a trespass against them should be the ones prosecuting him: innocent until proven guilty, not this anti-Republic guilty-until-proven-innocent gestapo organization holding you in a dismal prison without allowing you to tend your papers and persons. United States' gestapo compares to the days of Hitler, where having a physical appearance (emphasizing appearance) convicts you without a jury of committing a crime. My hair is bigger than Mr. Mitnick's, I know what I'm talking about here.
Glad to clarify,
Without Prejudice, UCC 1-207
Anonymous Coward
I think all people predisposed to running m$ operating systems and applications see Open Source advocates as criminals, since they are 'stealing' from Bill and his market share.
Am I running a bank with millions of dollars, and do I want the reformed hacker to secure the database with all the money in it?
Come on, this is common sense:
1: If the reformed hacker was doing it for personal profit, don't hire the hacker. If the hacker was just bored and causing trouble, maybe hire the hacker.
2: If you want to secure the aforementioned bank's financial DB, don't hire a hacker, and have someone looking over the shoulder of the guy you do hire. =)
3: If the reformed hacker writes all of his memos in 1337$p34|{, make sure you aren't hiring a reformed script-kiddie.
Like I said, simple, sensible rules...
Lagito ergo expectabo
See what that kind of thinking led to?
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
I don't know about anybody else out there, but I'd much rather hire an ex-hacker that hasn't yet been caught.
Just like no one who went AWOL should be Commander in Chief, and the head of a giant energy corporation who mismanaged and defrauded it out of zillions of dollars should serve on an energy 'task force' behind closed doors, and a convicted monopolist should be able to expand their business to the very department of Justice that looked the other way.
Oh.
I guess what I meant to say is Christopher Painter must be a dumbfuck.
Thank you! I'll be here all week!(or at least until the Privacy Czar's Storm Troopers come to put a transmitter in my ass...)
Just google for getting more results and descriptions on the subject.
Genius doesn't work on an assembly line basis. You can't simply say, "Today I will be brilliant."
It's not just about whether convicted felons can be trusted--M. seems to argue that it's actually _better_ to hire someone who's been on the shady side of the law.
And as most crackers look for unsecured systems rather than attacking or defending a specific one, I don't think the "special skills" argument holds much weight.
Ex-druggies make great recovery therapists but bad customs agents..
Like Frank Abagnale who, after a brief but brilliant career as a conman, was eventually hired by the FBI itself.
BOO! TERRO
So the prosecutor was concerned about Mitnick's lack of remorse? While I cannot condone Mitnick's actions at all, I have to wonder how easy it would be to show remorse when the legal is being used abused against you. If there had been a speedy and fair trial that would be one thing, but given all that happened in this case I know that by the time the actual trial came about my anger would get in the way. I'm not saying that's ok, I'm just guessing at what my own reactions might be.
Winkler might want to look at the message that HP is sending by hiring the Ghetto Hackers and not hiring Mitnick. To me that message is "Hacking is ok if you don't get caught." I suppose it might be a valid viewpoint (in football it isn't holding if the ref doesn't call it) but to me that seems like the wrong thing to say for someone who is trying to take the moral high ground.
"Where quality is like a dead stinking rat - you just can't miss it."
And of course criminals have no place in law enforcement. </sarcasm>
1) abuse of skills
2) ????
3) profit!
I believe there is room for people who prove themselves to be trustworthy. These are the sort of folks who have a private contained network in which they do their hacking. They aren't hurting anyone and they are still learning.
If they find something they then take the appropriate route of contacting the appropriate company and working with them to fix the problem. As for the people who find an exploit then use it: no, definitely not.
Rus
The government hires ex-criminals to fight crime with great success -- just look at She-Spies! ;-)
Hacking is an addiction. Furthermore, a successful cracker does not necessarily make a good security expert. You wouldn't give a 5 time convicted drunk driver their license, even if they haven't touched alcohol for years... Why? Because it can be too easy, too much of a temptation to fall back into old habits.
Maybe you've never felt a true addiction. Perhaps you don't know what it's like to be mentally chained to some action, item, etc. Sure, you get into long programming binges, where you're in 'the zone' for hours, but it's not like you can't go 2 minutes without zoning out of real life and thinking about your program.
When you are addicted to something you very literally are unable to keep your mind off the subject for any length of time.
The chances of an addicted, convicted, and reformed cracker of being tempted and going back to their old ways are so much greater than the chances of a programmer/net admin/whatever who hasn't been addicted that it isn't a reasonable risk to take. You don't give a reformed alcoholic a wine tasting job.
That being said, it's unfair to group people together by any metric. I could say, for instance, that all good criminals are persistent con men. It isn't always true all the time, but when you look at one case at a time it certainly seems so. Most, if not all, of Mitnick's significant exploits weren't brain power, or sheer ability to break systems. It was his ability to convince another person that he was authorized to receive sensitive information, and when he didn't get it from one person he moved on to the next. A very charismatic, persistent con man. Certainly no Carmack.
So it's not fair to lock everyone convicted of computer crimes from using computers again, or even from using computers in the way they used them in their illegal activities.
But if you are shortsighted enough to believe that a true addict can ever be fully and completely cured... Employer beware...
-Adam
The good ones will just pound sand and say, "They didn't teach me that in 'Hacker School'".
Added benefit: If you hire all the evil hackers, they'll be so busy hacking other evil hackers that they won't have time to steal your credit card database. Besides, we all know that hackers don't break into computers. They spend their time copying Apple II games.
I'm a consultant for an internet security company. The job is challenging, varied, fun and well paid. I get involved in pen tests, source code audits, hardware audits, etc etc. I wouldn't have got this job were it not for the fact that in a former life I used to 'play' with things I shouldn't. Don't get me wrong, I've never been arrested or charged with any crime relating to computer misuse, I've never done anything that serious. Something as simple as writing 'POKEs' for computer games was considered hacking/cracking in the old days.
I'm not the only one in the company like this. There are other senior members of staff that have some good past experience. Between us all it means that we have a vast wealth of knowledge and experience that enables us to offer a good service to the customer.
So, the point of my post is, that being an ex hacker/cracker isn't a problem to my employers.
If a criminal is a criminal, does that not mean the whole point of prisons doesn't work? They aren't just there for punishment, they're there for the convict to reflect on his/her past and become a reformed person.
I'm pretty sure that the main point of prison..besides simple punishment..is to reform those to behave society's rules when they have shown that they can't. When they are released from prison, they are -supposed- to be considered a fully functional reformed member of society.
To label an EX-con as always a criminal kind of goes against the whole point of prisons, and general reform.
It's easier to fight for one's principles than to live up to them.
...to babysit your kids after she gets out? Maybe Paula Yates? After all, they'll have served their time. Forgive and forget, eh? Perhaps one of the local child molesters in your town?
Gee, the silence is deafening.
Let's say a maid who robbed a former employer? A nanny who assaulted a child in her care? A butler who used an employer's Net connection to threaten the President?
Let's see if you'd put your money where your mouth is.
I am not in a position where I can affirm that Mr. Mitnick is reformed and can be trusted. However, I disagree with statements such as "Criminals are Criminals".
And in answer to the assumption that Fortune 500 would not hire a criminal for his services, I would like to point out that many of these companies have hired Mr. Frank Abagnale in the past, who first made himself famous for check fraud before working with the FBI and then creating his own consulting firm. He is an example that an ex-criminal can become successful by using the same skills that made him a criminal in the first place, and that law enforcement and big companies do sometimes hire such people for their services.
WTF. Obviously they're not responsible for the misuses of hacker that they quote, but they're goddamn Securityfocus. They have no excuse for not knowing how to use "hacker" properly. That's like an artist pointing at a paintbrush and asking you to hand them that thing with the fluffy end.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Dicey.com Recruitment Inc. opens its new center at Alcatraz ...
I don't understand this discussion. A lot of movies and TV-series have already proven that using a former criminal is the only (cool) way to go if you really mean business?
The glass is half-full. With poison. And there are cracks in the glass. The dirty, dirty glass.
From the article: Regardless of whether or not a hacker with a record has reformed, the bottom line, said Painter, is that paying former criminals big bucks sends the wrong message to the young, up-and-coming technology workforce. He added, "That's like saying the best way to a high pay check is to go out and be a criminal hacker."
Too right. I agree with this 100%.
If we encourage kids to do this, by promising them a long and lucrative career in 'Security', then we will just have even more crackers out there trying out their so-called skills.
I've had one guy who repeatedly downed a DALnet server I managed tell me that basically he hoped to put his skills on the market once he finished his Degree. He laughed at me when I suggested having a criminal record might slow him down.
If you run an IT department, don't hire crooks. No matter HOW good they say they are, a trained professional without a criminal record is a thousand times better than some thug who has spent his youth trying to make lives for people like me a misery.
I used to work at MHMR/TC and my supervisor, on at least one occasion, bought phony computer equipment and pocketed the money. Further, when a co-worker of mine tried to blow the whistle on him, he was told to play along or else they would make his life miserable at work, which they did and he was soon fired or forced to resign.
I, on the other hand, who am very skilled with computers, was put in a rather awkward position after I was let in on the little secret because it soon became apparent that it was bothering me and they obviously feared they could not trust me, so they treated me badly and I soon became suicidal and tried to commit suicide four times.
Later on, however, after I was forced to resign and was able to collect myself, I discovered that one particular co-worker's Yahoo! email account was linked to credit card stealing, which you may view for yourself here which so happened about the same time someone stole money out of two of my co-worker's purses.
When I discovered this, it was like, great! We finally have the culprit and so I told them, but they did not do anything. I even told them about the supervisor that was buying phony equipment and keeping the money. Still, they did not do anything. Then, after realizing many are involved, I wrote one email to many people in the organization (that is, many people were in the To: header) and they responded by threatening me with litigation concerning things like computer security breachment, criminal harassment with a computer and some other computer crimes.
Why is it that since they're idiots with computers but thieves they can point to someone that is good with computers and not a thief and call her a criminal hacker?
I don't think most hackers hack because they like crime. They like a challenge. They want a way to test their intellectual arsenal against others.
In a way, I guess you could look at hacking the first multi-player online game. It was the first way to pit yourself against a real human opponent online (aside from checkers and chess on Prodigy back in the 80's I guess :) )
The hackers play the "side" of the hackers because that is the side that's most available. If you give them a job as the sysadmin, then being able to read everyone's mail is no longer a challenge and, hence, tends to lose its novelty. Instead, they now have a new adversary: the rest of the hacker world.
It's all about proving that your kung-fu is better. Whether you play the black pieces or the white pieces only determines the numbers printed on your paycheck (or your orange jumpsuit, I guess).
OK. A guy breaks the law and is convicted on the basis of his hacking crimes. When he comes out he gets a prime well paid job on the basis of his law breaking experience.
What kind of example is that setting?
"Break the law, and get a good job" is NOT a good example to be setting, it will only encourage people to commit similar crimes.
I think companies are perfectly correct not to employ convicted hackers in a security role. It is completely morally and ethically wrong to reward people for crimes they have committed.
"Information wants to be paid"
fucktard
Mitnick upset a lot of people but he hasn't stolen money or hurt anyone. I wouldn't want to employ him, but I certainly think he has a lot to offer as an external consultant on security. A lot of what he has to teach isn't even technical, but it is still useful for all levels in the company, especially at places like reception and help desks.
See my journal, I write things there
That was the problem because I'm not a crook but they want to paint me a crook so they can continue on their wicked ways.
Is this the title for the new Disney movie?
Note to self: get smarter troll to guard door.
Yeah, absolutely correct.
I mean, it's not a good idea to hire someone who actually got caught, obviously the guys who avoided the radar are much better with security..
"Painter says a criminal is a criminal"
Oh, right. Then what idiot is letting all these criminals out of prison after they serve this thing called a "sentence"?
Perhaps this idiot is releasing them because there is no room in the prisons? Then why don't we just kill all the criminals?
I mean, a mass murderer is a criminal, they are given the chair. Why should someone who stole a toothbrush from a supermarket be exempt?
The comment "Painter says a criminal is a criminal" will be added to the list of comments that haunt their creators in the future. For example:
"640K should be enough for anybody" - Bill Gates
"I see a world market for, maybe, 4 computers" - Some famous guy said this when a computer filled the room I'm in now.
hmmmm?
I saw a homosexual movie about some burly men that did that. They dressed-up as pedi-stewards, boarded a plane, and groped eachother's assholes with apple cider while serving beverages.
Is this the guy or what? I need to meet him. (Rrrrr!)
It takes one to know, or catch one, but why let the fox in the henhouse? How about just getting a hacker to train a trustworthy person?
Kevin is vulnerable. He doesn't know his rights because he is a hacker. It is Common Knowledge that hackers are extremely intelligent and don't gain that information using bookworm-tactics. Hackers are known to study without books...they study in the wild.
To protect yourself from illegitimate government, you honestly can't do it alone and without books. I can help Kevin, I'm the cracker of United States Code, but I need to get in contact with Kevin to do it.
Without Prejudice, UCC 1-207
Anonymous Coward
Hackers do it for a couple of reasons. They want to get rich, they want notoriety, or "because it can be done" (and gotten away with). Mitnick is likely set monetarily given the publicity his case received. So he won't be hacking to get rich. He's already achieved notoriety (infamy, if you want). As for the last, given the intense scrutiny he'll be under for the rest of his life, it's not really in his best interests to try anything. Instead of arguing that he's reformed he should argue that his circumstances have changed such that it's no longer in his best interest to hack criminally.
Of course, the wrench in the works for the above argument is that some hackers may do what they do out of a compulsion...in which case the logical reasons for why it's no longer advantageous to them won't make a lick of difference.
Mitnick says hackers bring special skills to the job, while Painter says a criminal is a criminal
What Mitnick is dreaming about cannot be seen in US, but elsewhere.
Quote from the article:
The famous American hacker Kevin Mitnick was stopped from going near computers, even from working a cash register, but they can't do that in this country.
I've had two job offers - one from the guy who tracked me down
And should be treated as such...
How about if the US Army would recruit ex-murderers? Hmm... would you only feel safe if they weren't back home?
I think the amount of young destructive criminal hackers this precedent is CREATING far outweighs the small amount of benefit gained by employing an ex-criminal hacker.
The LAWs are there not just for punishing the guilty, but to serve as a deterrent for future misdeeds.
Thanks Marge.
"Painter, now the deputy chief of the Computer Crime Section of the Department of Justice, disagreed. Criminals are criminals, he explained. And paying known ex-criminals to safeguard a company's intellectual property is like having the fox guard the henhouse, which was the title of the session. "
3 .s tm
http://news.bbc.co.uk/2/hi/science/nature/15280
(images found at http://twf.systemsbysteve.com/funnypics.htm)
Hey! And what's with the loads of money this guy gets?
- I choked on the red pill and now I'm stuck in limbo
Give it up. This one has been lost. The meaning of language is decided by the masses, not dictated by a special few.
You just have to accept that the word 'hacker' now has the same meaning as 'criminal' in the public consciousness.
Move on. You've lost.
Just watched operation takedown last night, it's about Kevin Mitnick. He's cool, so is the movie. I got a boner watching that guy do his wife :) (what was with Kevin and his buddy's girlfriend??)
Once upon a time, I was a hacker. I've always been into computers, since I first encountered a TRS-80 in 1977. I'm 36 now. I'm still using my original handle from those days, and wrote an article for Phrack in '85. I actually was one of the people who helped talk Craig (Neidorf, "Knight Lightning") into starting it as an online magazine. I've always believed in freedom of information.
In those early days, there were LOTS of us (young people) who were into computers and were fascinated by them. But there was no internet, and those of us in small towns (like myself) had NO means to communicate with others with the same interests, other than BBS system using a 300 baud modem, or 1200 baud if you could possibly afford it.
So, at that time, if you wanted to learn and communicate, one of the first things you would do would be to call BBS's all over the US. But phone charges were high!! And the parents didn't like that!! So -- you would ask around. And soon, you'd find out about "hacking." Hacking local systems to use TELENET (not telnet), hacking local business PBX systems to get an outside line, which were usually 3-digit "passwords" in those days, or using "codes" to dial out using Sprint, MCI, or TMC (My article for Phrack was on TMC hacking.)
Was it illegal? Yes. It was also amazingly simple. At that time, you would dial a local access number, enter a code (sometimes only 4 digits), enter a # to call, and it would go through. You could use a phone code for a month or more usually, until the customer got the bill and complained. I guess phone co. insurance picked up the tab. I never really cared.
Pretty much my entire interest in and knowledge of computing and networking came from these early "hacking" experiences. I don't regret them. And I'm the most honest person you could hope to meet. Had there been an "internet" or ANY way to communicate with other computer folks, I would have used it. I pride myself on my honesty and don't steal, rob, rape, pillage or murder. I just like to learn new stuff.
And, at that time, that was how it was done. Mitnick came from that era, and I think he was screwed unforgivably. I'm now a partner in a company that does some security work. Would I hire him? Absolutely, I know just where he's from.
PK: 09F911029D74E35BD84156C5635688C0
I agree with the previous comment that there's 2 sides to it.
It's a difficult one. It's like getting an ex-car-thief to design new alarm systems. With the knowledge that he gained from his profession he might be able to design fool-proof systems, but he will also know how it works and how and where to leave backdoors if required. Also, if something goes wrong with his solution - everyone will blame him and it might not even be his fault!
"I used to have that really cool,funny sig
You ever listened to any gangsta rap or seen the movie Catch Me If You Can? Both probably have a much bigger influence on the general public.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
It's proven that once people commit a crime, they are more likely to do so again, that is why we have parole. It is as big a risk (if not larger) as someone using Windows instead of linux for a server. It could all be OK, but there's the off chance that it may all go to shit.
This is my digital signature. 10011011001
This is a very insular USENet thing adopted by some segments of Free Software culture, and not at all in keeping with past or present common usage in the computer field or wider culture. As noted in one of the other replies, the usage of "cracker" to describe people who break into computers was coined ca. 1985; the usage of "hacker" to describe these same people dates back to the late 1970s, and was already in very common usage by the early 1980s. For the vast majority of the history of computers, this (someone who breaks into computers) has been the primary meaning of the term "hacker."
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
wow, I hope you found a better job or something.
I would never blatantly scam from work like that, that's horrible.
Kevin Mitnick has served the sentence society gave him.
And while it is every employers choice if they want to hire him or not, it is foul play of his prosecutor to argue in public that he should not be given a job.
Even if the prosecutor personally doesn't believe in reform (no, even though you yanks all seem to believe it, the purpose of imprisonment is not revenge from society's point of view), he is still a DOJ official. How can he send people to jail, claiming it is for their reform, when he obviously doesn't believe this?
Maybe he is, like somebody here so eloquently put it in his sig, a gay dungeon master.
How small a thought it takes to fill a whole life
All hackers are criminals. A corp. that trusts a hacker to gain a bit of security doesn't deserve security at all.
Should you really be paying for the same crime twice?
Poindexter is Twirlip of the Mists is $$$$exyGal is ekrout
When you consider the evidence, the truth is clear.
Arguing that Mitnick is glorifying hacking is like saying that The Sopranos is a "wrong" show because it glorifies New Jersey-- I mean the Mafia.
1. DMCA is AFAIK, a federal crime. Trade 1 song, as the law stands, and you are a criminal
2. Since when has prison reformed anyone?
3. From what I can tell, this was one of those "precedent" cases, where the state likes to make a point/set an example. Unfortunately, when the state likes to make a point, it tends to be heavy handed, especially when said points are non-violent.
IANAH, but I suppose one of the better methods would be double-blind security; one ex-hacker to design the system, one ex-hacker to try and defeat it, and never the twain shall meet.
1. We talk about crackers here, not hackers.
2. Crackers generally suck at system design.
Remember that in general any destructive activity is easier than constructive - that's a property of the Universe we live in. Building demolition, while requires some thinking to be done properly, tends to take much less time, thought and effort than building construction. There is strong similarity in other areas of human activity.
Most creative types in the industry - software architects, engineers, good sysadmins - could succeed tremendously in cracking if they wanted to, much better than an average script kiddie. However they fortunately have different priorities.
So while I agree that it might be useful to hire ex-cracker for a security audit, the design of security measures should be left to experts.
Lisp is the Tengwar of programming languages.
both good points. i need to stop coming to /. stoned.
WANT INFO ON A COUNTRY?
So what have you done about it? cc fraud is a federal offense, I believe. They screwed you over, it's time they get some of it coming back at them.
Certainly there's someone you could milk for $ before you turn them in.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Of course the probability of a Security Expert to be a black hat increases somewhat, if you know that he has been jailed for cracking. But you even might be able to trust a rehabilitated ex-cracker more than a hacker, whose hat colour you can't know...
And of course it goes without saying that I would hire Kevin Mitnick anytime. Indeed, this would give me a strong warm and fuzzy feeling.
can ex-hackers could be trusted as computer security professionals ?
IMO it's just a judgement call, there's no mileage in generalising. You might as well ask "can ex-M$ users be trusted as Linux users ?"
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
Of course, You would also be a Felon if you were charged with defacing any public image of Smokey The Bear.
Remember, only you can prevent ignorance.
If you're looking for a computer equivalent for Von Braun you should be comparing him to Bill Gates - a designer of 'enabling technology' that can be exploited for bad purposes i.e. OS's with all those security holes
I'm disturbed but not particularly shocked at the number of people missing the point here.
Mitnick is a convicted criminal.
Mitnick is a THIEF. Regardless of how heavily the law came down on him, you can't get around the fact that he actually stole money (in the form of services) from companies.
Furthermore, he seems to show no remorse, no guilt, no understanding that what he did was wrong, and no sign of reform.
I've been playing with computers since the beginning of the 1980s, and can't argue that times were very different. However, that does NOT excuse theft, and anyone (especially convicted thieves) who say it does are not the people I trust.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
i need to stop coming to /. stoned.
I wouldn't recommend it.
It's like, if you study for a test stoned, or something, you need to keep getting stoned.
He painted a unicorn in outer space. I'm askin' ya, what's it breathin'?
That was your problem... you email the concerns ALSO to the SEC and be sure to put that in the email that you also informed the SEC and local authorities.
you CAN blow the top off of that kind of crap, I did (you still want to get another job lined up first... you do NOT want to work there)
The people doing this stuff are smart, yes, but they don't think about the one realistic thing that could happen to them (that is, go to jail). They only think about all the reasons FOR doing the thing they are doing.
It will help me get a job in the security industry if I do all this stuff now - look at Kevin Mitnick! (hypothetical - if he gets hired by someone big).
I might be able to make big money
They can't track me anyway - I'm waaaay too smart for the FBI/Police.
This is the stuff they did on that film hackers, and they all got hot chicks didn't they and I've never even SEEN a real live girl, let alone touched one, so if I am an uber-elite hacker, I'll pull some serious tail.
All my friends on IRC do it and if I don't do it too I won't be cool and I really need to look cool to people I've never met, never will meet, are a bunch of losers and have no girls either.
etc, etc, etc.
One point about Kevin Mitnick. The man has done his time, and he should be free to seek employment in any job that he feels he is qualified for. But I think people should keep in mind that a convicted felon may not be the smartest choice for a position as a security consultant.
This is the main point that Christopher Painter made, and I agree with that too.
Interesting concept but as many have pointed it out it has problems.
/.'ers have not crossed and it's a line Mitnick was well on the other side of. But to some extent I think the largest difference there is someone who acted on knowledge vs. people who possessed the knowledge. Ultimately who makes the better applicant for a job ? The one with the knowledge or the one with the knowledge and the experience ? In terms of social engineering Mitnick is one of the few KNOWN people that knows through experience the difference between reality and theory. However the fact of his experience makes him a risk.
I can't say I would hire him to build my security system. I would however hire him to test it ala "Sneakers".
Computer security savvy is a catch twenty two. You can't know how to defend unless you know how they attack. The only way to be preemptive is to figure out all the ways of attack. This means you have to attack your system at least theoretically. And the only way to determine if your defense is effective is to test it.
People who are only testing a system will always be less creative in finding 'hacks' than those truly trying to penetrate the system. It's the problem of being inside the box.
The best crook is a cop and the best cop is a crook. Know your enemy. Keep your friends close and your enemies closer.
Ultimately I don't buy this rewarding crap. Mitnick at some level has paid for his transgressions with an all expense paid federal 'vacation'. If he so much as twitches his nose wrong with a computer system again and it is caught they will send him back and throw away the key. Paying the man to gain knowledge that can help you build a better and more secure system is not rewarding him. It is not encouraging kids to go get busted for a felony hacking offense and spend years in prison for the possibility of making big bucks as a security consultant.
To the letter of the law I doubt there are many people who post here who under 100% enforcement would not possess a computer misuse charge against them. How many here might have been that kid the RIAA just lit up? How many have never copied anything that was not supposed to be copied? How many have never tried a back door method of gaining access to a system ? Hell how many haven't successfully gone through a back door? Answer that with no justification, no weasel wording, and no claims but that was different. Technically the law doesn't give a damn.
Not that I think this is a wretched hive of scum and villainy. I just think this is a group of highly savvy computer users. There is definitely a line. A line I would wager the majority of
I can see both sides of the issue.
On one hand HP could embrace Mitnick's firm and then emblazon on their systems that it was hack proofed by the most notorious hacker to date.
On the other they can say we won't encourage miscreant behavior and hire people who it seems pretty certain have done questionable things in their past but have never been caught.
Overall.... hiring the people that have yet to be caught may be better. But it also carries with it its own risk. They may be employing Mitnick Jr. The overworn Cliche of having the fox guarding the hen house is poorly thought out. After all don't we often have a Dog guarding the hen house.. or the sheep ? And what is a dog but a domesticated version of the Fox/Wolf that has been trained to provide a constructive service instead of a destructive one ?
The true question to me then is if Mitnick is still a fox or if he has been house broken. If the former stay away, if the latter I can think of few who would be better. You decide. Me personally I think he is the moral equivalent of a celebrity spy ( its an oxymoron ) IE he can't do what he did anymore because he is too well known. I say companies should take advantage of the fact he is out in the open. Odds are he will wind up being a nemesis to wanna be Mitnicks more than an inspiration.
I don't ask you to be me. I only ask you not expect me to be you.
He's a bad guy - period. There are people who are far more deserving than he, no matter what his supposed skill set is. There are plenty of people that actually DIDN'T commit a crime to get where they are (and let's face it, the only reason he IS where he is is due to his crimes)
Personally, I wish he was never able to work with a computer again.
It is obvious isn't it? After Kevin has served his sentence, Mr. Painter is acting like the 'sentence' didn't work. Maybe Mr. Painter should familiarise himself with the concepts of justice and penitence, such an understanding would seem to be beneficial in his line of work.
Correct me if I'm wrong, but Kevin manages to find work right? I've never really heard of Christopher Painter, I certainly don't care what he thinks. So what's the point of a debate? I mean if you're Painter why do you accept, you're only promoting Kevin Mitnick's marketability IMHO. Is his goal to better inform companies about the perils of hiring hackers? I'd bet my boss, who fancies himself a bit of a security expert, will never hear about this debate.
Maybe life sentences should be the only punishment used. After all - a criminal is a criminal.
I thought that once you served your time; you have paid your debt to society.
This DOJ weasel makes the case that "once a criminal always a criminal"???
Gosh, I wonder what motivation so called criminals have to "change their ways"...
Well, then, probably every politician currently active in the US (and most other places) ought to be fired immediately.
And it seems someone needs to read Les Miserables.
Like many have already said, it's about trust... it's not about whether he is a criminal or not. Being a criminal convicted 5 times of computer related crimes makes him untrustworthy regarding computer security.
I'm sure Mr. Mitnick would be a very trustworthy chef or petroleum distribution agent (aka gas pumper). But as a security guy in a corporation? Uhhh I don't know about that one!
Why didn't you feed all that stuff to the local District Attorney then? They would have a slightly harder time laughing that off.
Whatever happened to "paid your debt to society"?
Music wants to be free.
Imagine if many of today's (ignored) misdemeanors were felonies. Who even pays attention to misdemeanors anyway?
What about crimes people get away with? They're not criminals, by definition, because they weren't caught or convicted.
So now, what if Kevin's crimes really should be misdemeanors? Or what if he hadn't been convicted? Heh, we all know OJ is no criminal.
Point is, it's not black or white like Christopher Painter um, paints it.
And Ira Winkler of HP asks, "what specialty skills do criminal hackers bring to the table that security experts without records don't already have?" How about, a proven track record? Or maybe actual on the job experience?
All that being said, if you're going to hire a cracker, you better know what you're doing. Amongst other risks, obviously your competitors/opponents can put a big spin on that news.
.sigs are for post^Hers.
Perhaps one of my favorite stories is of an Air Force Colonel who was proudly relaying a story about how he had recently taken his sports car and was by his own proud admittance racing through traffic. Well he got busted... and was being arrogant (after all, why should a Colonel be submissive to enlisted?) He then made some generic comment about "not going to speed" yet when he went around the corner he made a point to floor it (and oh yes, there was traffic around). He was very proud of himself. Sometimes people speed because they just did not realize the speed limit or just lost track of their actual speed... then there are those that feel they are above any laws made for "the little people."
did coke in his college years. That's why he would need special permission to visit Canada. (They have a law about admitted drug use)
I really still don't understand the whole forced disgust and revulsion toward computer crime. I suppose it's all about money and power. Those who have it don't like the peons of the world having an ability to disrupt it.
Correct me if I'm wrong, but this is coming from the U.S. government, the same government who trusted a Nazi to help design our rockets to lead our astronauts safely into space.
Our government will always bend that ethical line to get the results they intend. That's the heart of capitalism, the end justifies the means.
With all the media attention Mitnick got, I definitely wouldn't hire him to do security for any business I had decisions to make for. He's a magnet for attention, primarily by his sycophantic half-informed wannabes. But on top of that, he was a destructive hacker, not just the type to sneak in and take a look around. I've read some things in the past that softened my stance on Mitnick from being a "Fry Kevin!" one a few years ago, primarily related to his mistreatment by the DoJ, but it doesn't change the fact he gave hackers a -truly- bad reputation as destructive forces rather than just kids poking around.
And does he -really- have any special skills? Not really. He was a social engineer, talked his way into systems and then used technical know-how to exploit them. As far out of the technical loop as he's gotten since his incarceration the ONLY part he has left to truly speak about is the social engineering part, and there're far better people that deserve those paychecks.
My own pointless vanity vintage computing page
[sings]
Valjean at last
we see each other plain
Monsieur le maire
you'll wear a different chain.
[/sings]
I just want to take over the world...Why does that automatically make me EVIL?
what Jean Valjean has to say about the prosecutor's side.
"A good compromise leaves everyone mad." -Calvin
A criminal is only a criminal because the law says he is.
"The evil of the world is made possible by nothing but the sanction you give it." -- Ayn Rand
Just like I would never hire a delivery driver who has had a speeding ticket. Just can't trust them. I also don't hire receptionists who have had a speeding ticket. I don't use doctors who have had a speeding ticket. I don't talk to anyone who has ever had a speeding ticket in their entire life, because I have never had one, and that is the standard I expect of everyone around me. Of course I have broken the speed limit, almost every day, and I've been pulled over. But I've never gotten a speeding ticket, so I don't trust people who do.
In case you missed it, I was being sarcastic there. My point is that Mitnick was caught hacking into computers just to hack into computers. In many cases, people gave him access, unthinkingly. He never used it to steal money or trade secrets. He didn't blackmail the companies, or sell their info to competitors or the mafia. So big deal. He hacked some systems. Starting when it was no big thing. For those who say "Hacking is never acceptable", what industry are you in? It's like the websites that get pissed at people for linking to pages in their site, rather than their front page. "You don't have the right to link to our pages, you never asked permission." If a computer is connected to the Internet, or has dial-in access, and someone accesses it, and doesn't cause damage, I couldn't care less. If the computer's owner doesn't like it, he should have put better safeguards in place.
And before the "Should everyone be allowed to walk in your open front door" argument is thrown in, it's no comparison. The proper comparison would be "Should everyone be allowed to stand on the sidewalk in front of your house, and watch you have sex with your supermodel girlfriend while you two are standing in your private house, in the living room, pressed up against the large picture window?" My response would of course be, "They could take video of it and sell it if they wanted. The activity happened in public view. If I was worried about it, I would have closed the curtains to restrict their view. It would be my responsibility to protect my privacy, not theirs."
To anyone who wouldn't hire a former criminal to work on their network/systems...
Do you use Microsoft?
Catch me if you can -- This is not a sig.
I would have absolutely no problem hiring known (ex) crackers to give advice and test the systems, but i would *not* trust them. Nor would I trust anyone else without that background. Simply too big temptations involved.
I would hire one team to design the system, another to test it and a third to run it.
That way I wouldn't have to trust anyone, since no one could easily abuse the system.
All opinions are my own - until criticized
I believe I can see where Mr. Painter is coming from, given some past experience of mine. At one point in my past, I served a little over two years in a correctional facility...8 hours at a time, as one of the CO's. Even that seemingly short amount of time was more than enough to send my faith in the nature of humans straight through the floor. I personally witnessed nearly every individual that had been incarcerated and released come right back through the "revolving door" in the Intake Dept., many of them for more than one return trip. This, of course, was limited only to those who had not been convicted of serious enough crimes to warrant long sentences, but listening to them, one would hear stories of previous prison terms, or plans to continue doing what they always did as soon as they were released.
It was downright depressing, really, and I don't believe there's a single person who has worked in the American "correctional" system in any way, shape, or form for any period of time that truly believes in the concept that reform happens. If I were put in the position of deciding whether or not to hire Mr. Mitnick, given my past experience with the wonders of "reform," I'd have to say that any five-time felon would most likely take any job offer and transform it into conviction number six.
This isn't a bank robber, embezzler or even a thief.
Ok... he's a thief because crimes have been written to make him a thief. That doesn't mean he's going to actually steal anything... I suppose it depends on your definition of theft and how it applies to the legal definition of theft.
And of course... all criminals were law-abiding citizens before they broke the law.... then depending on circumstances, they either became criminals or former law-abiding citizens...
You always have to use caution, even with people who have a clear record. At least Mitnick, with all the power he had at his fingertips didn't do anything with it... other than to gain more power.
"Mitnick says hackers bring special skills to the job, while Painter says a criminal is a criminal."
...?
They're both right. Remember It Takes a Thief
Strictly speaking though, it's not polite to call Mitnick a criminal. The preferred term is ex-convict, indicating that he was convicted for his crime(s), and has "paid his debt to society".
-kgj
He knows the business, he knows how hackers think. And the likelihood he will be up to any more illegal stuff is minimal, after all how many people will be watching him like a hawk. It's the unknown names you want to be wary of
Slashdot - The one stop shop for procrastination
Watch "Catch me if you can". yep the one with Leonardo de crapio...
Democratic USA - Government of the corporations, by the Corporations, for the corporations.
That suggests this prosecutor doesn't believe in reform. He doesn't think prison is a deterrent - even for people who've been there. It's true that some people never learn, but to make a blanket statement like that is just stupid. Then again, perhaps I'm a stupid optimist?
Here's one for Painter: every old money wealthy family has a thief for an ancestor.
And no, in this instance I did not RTFA.
An Ex convict is a person who has PAID his/her debt to society!
Delenda MPAA.
Okay, so they didn't get caught. Or maybe Winkler did it USofA style and offered to 'stop investigating' GH if they helped him. Kind of like giving one criminal a pardon because he tattled on another.
"If you were a Fortune 500 company and you hired a hacker with a criminal record to test your systems, what would you tell your shareholders?"
That we care about our systems and want the best. If I'm going to hire a bodyguard I'm going to hire someone who has been in combat and knows what it REALLY feels like to be shot at.
So why would one want to hire someone with Mitnick's background? Because of his skills, and his ability to raise corporate awareness to how people can "social engineer" them out of sensitive information.
Mitnick's book is awesome and should be required reading for anyone who has to answer a phone (hmm..EVERYONE?!). Have you ever held a door open for someone without asking for their ID if it was required? Ever walked AWAY from a security door while it was still open?
Okay, this irks me just a little bit. Someone in law enforcement (whether you are an officer or a prosecutor) should never say things like that. The problem our society faces is that mentality that once you are a criminal, you are always a criminal.
Recidivism is the leading cause for prison overcrowding. The problem is that the convicted felons are not given the opportunity to learn necessary skills (whether they be work skills or social skills) to make it in the real world. So when said prisoner gets out of the pen, they only know one thing, not to make the mistake that got them caught the first time.
It worries me to see prosecutors give up on people. I was charged with a felony, I was not exactly convicted (plea bargain for probation, no record cuz I was young) and the court actually gave me the opportunity to make things right. And I did. I also had studied criminology in college and knew the epidemic of recidivism that plagues our society. Understanding the problem and how to pull myself out of it was very important. I also had a support network of family and friends which is also important but that is a different story.
I guess my point is this... when somebody makes a mistake or poor decision, it is not exactly good to label them a violator of the law for the rest of their life. Yes, punishment and restitution is prudent, but labels are what cause that person to repeat the crime again. Prison is not so much of a deterrent once you have already been there... it becomes a training facility and the 'me versus them' attitude begins. If you make a mistake and you know that you were dumb and should have done better yet everyone keeps calling you a criminal and nobody tells you otherwise, you become just that... a criminal.. for life.
Yes, there are some that commit crimes that are so severe that you can only think that they are mentally damaged. That is a different story and I am not saying that we should just put murderers and pedophiles into counseling and then off to the real world where they will be perfect citizens for ever... I am saying that non-violent crimes that do not directly harm another individual should be treated with hope that the one that committed the crime can be reformed and contribute to society in a meaningful way in the future.
It is scary, but here is a little theory of mine. If I were to have 100% knowledge of every law in the land, and I were to watch every move you make, I would be able to charge 95% of you with at least one felony be it federal or in your state. Would the case win? Not sure... but I bet I would have a good case.
He that is taught only by himself, has a fool for a Master.
- Ben Johnson
I imagine there are indeed some recent grads with enough credentials. People enter MIT and similar calibre schools each year with more smarts than I would attribute to Mitnick today. Anyone who's actually applied themselves to study of theory for the same period that Kevin was stealing source code, reversing what he could and social engineering the rest probably is a far better choice for securing your systems.
He clearly can 'social' the 2600 crowd, let them hire him. Me hire a kid who has the brass to complain about forfeiting his hardware as a penalty for not decrypting the contents of his hard drives? Not likely. I assume we'll never know if that data would have convicted him of less 'benign' intrusions.
To top all that this is a repeat felon who hasn't formally studied theory but has tried to refer to himself as a hacker in the classical (MIT/LCS/AI-lab) sense. It'd be a cold day in hell I'll acknowledge that as a hacker.
Linux is Linux, if One need clarify their dist: <Dist>/GNU Linux
bsds are of course just BSD
Does that sound like the title of a song to anyone else? Get the rocking chairs ready and cue the banjos!
Government agencies regularly hire hackers they catch. It's only when elite hackers refuse to work for the government that they get prosecuted. So what's ok for the general public is not good for corporations? I personally know a few hackers in CA that were caught and offered positions, but turned it down. They were also under-aged, but that doesn't mean they stopped hacking. On the contrary. The best hackers know when to say when and cover their tracks very well. People who think otherwise have no freakin clue about hackers or how hackers work.
They got caught:)
Face it, I'd trust Kevin Mitnick before I'd trust one of Ashcroft's flunkies.
And yes, I realize that KM was (last) convicted during Janet Reno's watch.
If the individual did their time, they have already paid their debt to society. The obvious difference between these individuals and the one holding an opinion over them is that they have been caught doing something naughty and he has not. Let the fascist who is without guilt cast the first stone.
So, Kevin's past peccadillos make him inherently unqualified to serve the public good, is that right?
How, then, can Tom Ridge even POSSIBLY CONSIDER using Doubleclick executives to protect the nation's privacy interests? After all, Doubleclick could not exonerate itself from the claims of more than ten state attorney generals for violations of improper trade practices with respect to its invasive surveillance of consumer network usage.
It seems that this administration's left hand hasn't a clue what its right hand is doing.
> If you run an IT department, don't hire crooks.
> No matter HOW good they say they are, a trained
> professional without a criminal record is a
> thousand times better than some thug who has
> spent his youth trying to make lives for people
> like me a misery.
[SARCASM]Right. Hire the guy just out of college who has no experience in security whatsoever. He definitely knows all of the ins and outs of security and auditing security. He will quickly find and patch for all new security holes and knows what resources to search through to find the most up to date information; because we all know that college is current, up to date, and vastly superior to real world experience in a field.[/SARCASM]
Whatever, hire the best person for the job period all things included.
I've worked as an admin since I was 17 (~10 years ago) years old and I've seen a slew of security people come and go, one of the best was a guy who was at the company before me and had gotten the job by rooting the shell server and then from there rooting every other machine on the network. After his hire they never had another breach until well after he left and the new security admin (with his big masters degree) started.
Shadus
Gotta call bullshit on this. You've been watching too much Shawshank or Magnum yourself.
In actuality, the majority of people coming out of prison _DO_ get time to adjust to a normal life. They aren't put on a bus and told to get out. That's only for people who have filled out their entire prison term. Most people don't fill out their entire prison term. They are released early on parole to save money and beds in prison. Most, if not all (that I'm aware of) violent prisoners and "hard" felons - assaults, robbery, rape, murder, etc. - are not even released immediately. They're put into a facility or halfway house. They have to follow a "level" program that requires that they follow some rules - these are things like 1) get a stable job (yes, they help) - 2) save some money with a budget and a bank account - 3) live by the rules - 4) see your PO consistently to make sure you're on track.
The quickest way to get out into society again via these halfway houses is to follow the rules - you get a job, buy your groceries, stay out of trouble, get some furloughs, and then, you "graduate" to full release, on conditions of parole or probation. If you don't follow the rules, you can get busted back down to your entrance level, or sent back to prison to fill out more of your term.
So, don't simply assume that prisoners are put back on the streets. There's a complex and well-organized program of supervision and rules to follow, unless you fill out your entire term. Which, in this economy, is nearly impossible. What they mean when they say "20 years, out in 7", is that you are sentenced to 20 years, commit no felonies _in_ prison, are released in 6.5 years to a halfway house, spend 4 - 6 months in the halfway house, then, assuming you're still following the rules of society, you are released into a parole program for 4 more years so someone can keep tabs on you - weekly visits, random drug tests, can't leave the county , that sort of thing - stricter rules than normal citizens - THEN you can be released back into society to try to live out your normal life.
So, it's not a simple, "Here's your $20 - get the fuck out." Prison systems do a thankless and difficult job of trying to get convicts back on the streets in the sanest and safest manner they can.
And yes, I was put in prison when I was 18 - convicted of felony assault for attacking a 35-year-old guy who hit my girlfriend. I've been through the program. It works. I was a violent kid. I've been in no trouble for 15 years, and I have had a good, stable career and a Masters in CS/BS in Math for about 8 years, now. It doesn't ruin your life. It SUCKS, but doesn't destroy you if you don't let it. I've got a wife, 7-year-old child, a nice house in an old neighborhood, a moderately stable job...
I'd say I'm living a "normal life".
Any sufficiently well-organized Government is indistinguishable from bullshit.
If, as the DOJ prosecutor says, "a criminal is a criminal", then why is Poindexter allowed in the White House to lead the "Total Information Awareness" program. Going even further, the US was convicted by the World Court and the UN Security Council of crimes in Nicaragua in the '80's. Then there's the matter of Kissinger, but he hasn't been convicted. In any event, let's cut the hypocrisy.
"Gentlemen, you can't fight in here! This is the War Room!" -- Dr. Strangelove
The times I've seen him (on TechTV a time or two) he's quite clear that what he did was wrong and unequivocally instructs others to not do the things he did or they could end up like he did. The punishment was fueled by a total ignorance of the technology and a paranoid fear based on that ignorance, and was not at all commensurate to the crimes. I see no reason he can't both explain how unfair (and unconstitutional) he was treated, and yet still provide a good example of what not to do.
Vote Quimby.
How incredibly wonderful must such a "great" nation be if its prosecutors don't even believe in their Judicial system.
Yes, there are some people who don't get reformed. Those people tend to get convicted again and again and it would seem pretty obvious. But from my experience, most "hackers" who get busted tend to be teenagers who just haven't grown up. A year or two in prison tends to rectify that. Seriously, look at Mark Abene, who, after he served his sentence got a job straight out of prison. Or any of the old New York MOD hackers who got busted.
I dunno. I just find it interesting that Painter seems to believe that there's no such thing as reformation. Why exactly is he doing his job then?
Karma: Non-Heinous
They both are felons; does either one have the licenses and permits for owning and transporting the explosive devices they have hidden in their cars. Not only that, but the explosives are rigged to blow on impact...
How is this much different than the penalizing honest people are made to endure because only those with low morals and a lust for power go into politics?
If criminals are supposed to be reformed then let them use whatever, period. If they aren't then I suppose we should just either kill them the moment they are convicted or get some use out them. Maybe we could tattoo some numbers on them and have them work the rest of their short, unnatural lives in work camps.
Anybody remember the whole Frank Abagnale story? This guy stole millions of dollars in fraudulent checks, but is now responsible for most of the security mechanisms that keep corporate checks (which can be taken to mean your and my pay) safe. He gets paid millions of dollars yearly to do this. How is it any different? I don't think anybody is worried about him going off and committing fraud again.
was a white guy from down south who hated minorities?
The problem with "hire the one that don't get caught" is YOU DON'T KNOW WHO THEY ARE!
I think you misunderstood what I said. I didn't say hire someone with a masters degree, straight out of college.
I don't know where you got that from.
Sure, get someone with experience, but that person doesn't need to have rooted nameservers with a bind exploit 1000 times over to be good at his job. He just needs to be on top of what's out there and be (gasp, I'm about to say it) pro-active about stuff.
I fail to see how you need to be a criminal to be good at security. I'm sorry, I just don't see it.
And, please, don't ignore the main point of what I was saying. People like Mitnick might have a role to play in securing the net, but by *rewarding* people like him with respect and even a high paying job we are just encouraging more people to do the same thing as him!
Well, if Kevin Mitnick can do a few years in the clapper and come out, start a security business, make loads of cash etc - so can I! All I need to do is cause some serious damage and then get caught! Wonderful!
And yeah, I've been doing this crap for at least as long as you, and I've worked in one of the largest ISPs in Europe too - and I've seen so called 'security hotshots' come in, blow through, and disappear.
Do you know who the best security guy I ever saw was? A mild mannered, methodical tech who had been in the industry twice as long as me, who goes to 3rd world countries to set up net access for the needy as a hobby and who never had a breach either.
I agree to a point, up to getting government as much out of our lives as possible. Way back when we had crimes, but because we had no "victim disarmament" and people were taught that it was acceptable and lawful to carry arms and to be a major part of their own "anti crime" defense, we had much less crime and the true perpetrators got punished on the spot. The current political system is designed to create crimes and more criminals, not to solve crime or stop crime. Government is a growth industry, it is not run to make itself more efficient or fair. You are correct, prohibition created liquid drug gangs and smugglers, and official corruption, and greatly helped the advancement of a police state. Government loves to create problems so they can step in and offer their solutions, following the hegelian dialectic. Dry drugs prohibition we have currently does the same as the past liquid drugs prohibition.
Making it so you need a permit-a "permission slip" from the government to exercise a born-with right to be armed, i.e., to have an effective and immediate means to personal self defense is counter productive, and illegal under any normal common sense English language version of the second amendment. Would people stand for applying for a "permit" in order to post controversial views on the internet? No, they would argue long and hard against it. But when it comes to the personal and common sense right to be a NON victim of a crime, all of a sudden it becomes "controversial" and needs massive "interpretation" and 14,000 government laws and "permissions".
IF we were to return to a full second amendment based on "Vermont style", yes, the first few years would be hectic, I would grant that to anyone, after that things would settle down rapidly as the extreme very bad guys who actually commit the bulk of the violent crimes got eliminated and any remaining would think twice and thrice before attempting serious crimes. I know from personal experience that being armed has prevented me from becoming a crime victim, and know of several more from my circle of acquaintances. I also know some people who WEREN'T armed, and became victims. It's not perfect, but it's the best way to deal with things. Insisting only the police and military and the bad guys be armed is beyond irrational into actually harmful. When a government (and private bad guys) is the only one armed, that means it is no longer a government of "we the people", it means there's an "us versus them" mentality, which de-evolves just like any other of numerous examples in history. Even in very modern times you can see complete verifiable proof, take examples like Australia and England, as fast as the general population gets disarmed-is as fast as you see crime including violent crime increase. Government then demands more concessions from the general population, disarms them further, making self defense that works harder or even into being illegal. Crime goes up. The population is not all 20 year old males with massive martial arts skills, people need a general "equaliser". Society and government shouldn't demand that someone's 70 year old mom be able to fend off an attacker with her bare hands and wait for this magical police presence to appear in a timely manner to prevent harm to her. That is irrational to believe that would happen, and it obviously doesn't. The way it is set up now is a failure, an experiment gone bad, time to scrap it, go back to what we originally had that worked better.
The best deal is limited government, no professional politician class, laws written in English and interpreted in English, not legalese, and a strict interpretation of the constitution as written and intended. I would advocate an immediate cessation of writing NEW laws, and a full multi year effort to go through the entire codes and laws to REMOVE harmful and misguided laws, especially "social engineering" type laws, until we get back to a stable society.
A people have to decide on one basic premise, are they subjects
No reasonable person would ever consider killing themselves over knowing some 'secret' that bothered them. Think about it? Go see a shrink.
Next thing you know, slashdot readers are committing suicide after reading a post they do not agree with.
Try saying that the "actual damage to his victims was slight" to the corporations who spent millions of dollars cleaning up after one of his intrusions. Try telling that to the system and network administrators that had to clean up the carnage. Once a system has been compromised, it has to be rebuilt from the ground up.
Just because he didn't go in with a bomb and blow the place up, doesn't make the damage any less "real". So he didn't use a gun to hold them, how do you know he didn't sell their proprietary secrets to their next biggest competitor? Information is as much a commodity as gear.
You have to trust your IT people in general and your security staff in particular. Once someone has shown themselves to be unethical, I would have to think twice about allowing them access to my sensitive information. Network security in particular is sensitive because we know where the firewalls, routers, proxies, etc. all are. We have accounts on most of them. Security people are the ones who are in the best position to create and exploit flaws in the security undetected. Why would you want to put someone like that in this kind of a position?
My 2 cents, Queen BHDGary secures my bank
Don't read shitty, third rate French commy literature written by some unknown Eurotrash wannabe.
Good luck trying to make that point here. Slashdot seems to be afflicted with a kind of binary thinking, where generalizations cannot be accepted unless they're 100% true. The good slashdotter strives to make his brain like a computer - smoke pours out if something's illogical.
If you say that dogs are bigger than cats, you're wrong, 100% wrong, because somewhere, somewhen, there might be one cat that's bigger than one dog.
It goes deeper than idle chit-chat on the internet - one reason Microsoft captured hearts and minds is their ability to understand and run with the fuzzy linkages. For example, if you just requested a page from a web site, you're probably going to request some images to go with that page. (Slashdotter objects: "What if the page has no images?") Microsoft is good at optimizing for the common case, for the most likely outcome, while the classic geek mentality is to dwell on the most unlikely corner cases.
....I said...duplicate...
I don't know if I should hire a hacker but I do know that Slashdot should hire a copy editor.
My
Limekiller
Kevin is a criminal.
It's not any of our fault that he decided to turn to the dark side and hack Sun, and many other cell phone vendors. Really.
Stop giving him so much sympathy. I for one as an honest person am tired of hearing about this frickin criminal! Yes! Criminal!
uhm, dupe maybe? I read this already yesterday?
I know this won't be a popular viewpoint here on slashdot, but perhaps we shouldn't reward people who break laws [by hacking] by giving them a job?
I don't mean to suggest either that (a) we should ignore a potentially powerful resource, or that (b) all hackers are necessarily immoral. However I personally would be quite upset if I were a security advisor who abstained from illegal activity, and a former hacker was hired to either replace or supervise me.
Also, from a devil's advocate position, I'm thinking this is akin to the hiring of former insider-traders to work on preventing further cheating. Basically, we're inviting the dog back into the pantry.
Please don't mod this as a troll, since I'm being serious here.
"Stumble before you crawl"
Either this is the same story from earlier today.. or I'm like that dude who made all that cash in the stock market
What makes the whole repeat-ness of this story even worse is that there is a vote about it up right now!
This isn't a repeat of the earlier /. post. That one linked to security focus and this one links to business week. But the business week article is just a reprint of the security focus article...
Would you hire a reformed ex-spammer to advise you on how to secure your mail system?
Would you pay a reformed ex-spammer to give a presentation at your company about mail system security?
Would you trust a convicted spammer if they've said that they are, indeed, reformed?
My personal answers: no; yes; and probably not.
So this is another dupe? I wonder how many stories get duplicated that never make it to the front page. Anyone know?
Because it's about grace. It really is about grace.
dupe!
...go post on the original article instead, and stop encouraging the punch drunk excuse for an editor here.
...the hacker could just steal an identity and get hired otherwise.
Would you hire a convicted embezzler to keep track of your savings account?
Would you hire a rapist to babysit your daughter?
Why would you hire a former cracker to secure your network, when there are plenty of non ex-convicts with similar or better experience for the job? How well-versed on current, relevant technology do you think someone who spent the last 7 years of their life in prison and prohibited from touching a computer is? Sure, social engineering never changes, but that's only part of your security infrastructure.
NO CARRIER
Isn't Kevin's site http://www.defensivethinking.com/? It doesn't seem to be up. Did it get hacked yet again?
"Men lie."
"Yeah, about sleeping with other women, but never about bioluminescent plankton."
-Dan Brown
Apparently this isn't a dupe because the other post links to a different article.
-- Never monkey with another Monkey's monkey
I could not have said it better myself. Sure the crackers have proven themselves, but wouldn't you rather have someone that is just as skilled but has the moral capability NOT to use his skills in an immoral way?
We already have enough liberal arts majors serving fries.
Should You Wipe After Taking A Shit?
Should You Jerk Off into some Kleenex?
Should You refrain from raping underage boys?
Should You Get A Life Away From Slashdot?
Sure, I'd hire a hacker. I don't think I'd want a Bad Guy or a Cracker or a Warz D00d or a Script Kid, but a hacker, sure, why not?
After all, I've got a fair amount of crufty lisp code that needs to be tweaked but have yet to meet anyone I'd trust with u+w. (Or rather, anyone I could afford...aye, there's the rub).
-- MarkusQ
P.S. For the elusive final point, you have to figure out what the duck is for.
If I re-post all the +5 comments on this issue from the previous article, am I more or less honest than a convicted cracker? And if it works, and my karma goes through the roof, can I ever be reformed from karma-whoring or will I forever be branded the cut-and-paste king?
Freedom Is Universal
Linux-Universe
More like "I-should-stick-to-being-in-every-poll-so-I-dont-post-dupes dept."
I am getting VERY tired of the dupes. Seriously- I WANT an answer to this question from one of the Slashdot editors: how hard is it for you people to actually READ(gasp! What a concept!) the site you approve stories for? HUH? How about a new rule: "If you don't read the site, you DON'T APPROVE STORIES."
For a long time you guys have given the impression that you just don't give a shit anymore. One clear message was when you guys spun off that "meetup.com" thing, encouraged us all to participate in "slashdot day", and then you guys fuckin' didn't even SHOW UP because you had "other plans". What gives? It was, in fact, one of the first things we talked about at our local slashdot meeting.
If you don't care, here's a clue: find someone who DOES, and hand the site over to them, or just pick some new editors. If you do care, tell us what you're going to do to fix the problem- I'm sure, being the incredibly bright and talented people, that you can think of SOMETHING.
Oh, and while you're at it, add a "Mitnick" category, so all of us, who DON'T GIVE A CRAP ABOUT MITNICK, can filter out the stories.
Please help metamoderate.
You're wrong when you say he is a criminal. It would be more correct to say that he did violate some laws in the past. His crimes were relatively minor. He did not, for example, kill anyone. Nor did he injure anyone. Through enormously creative deception, he gained possession of data he wasn't supposed to have. He did not attempt to sell that information or extort money from its original owners. Please, keep some perspective.
There are some very unscrupulous people in the IT business who will go to great lengths to conceal their criminal activities, such as painting a legitimate, highly-skilled computer operator a thief after she tries to blow the whistle on them.
I for one as an honest person am tired of hearing about this frickin criminal! Yes! Criminal!
Sounds like this Mitnick guy is management material. Criminal action shows initiative. It shows that he will do what it takes to get ahead.
Most of our society looks at the criminal as a superior form of being not tied to the conventionalities of the honest man (ie peasant). But there is a big problem with that getting caught thing. If he was a criminal who hadn't been caught...well, there is no end to how far he could go in the American corporate structure.
Who knows, he could have been CEO? I suspect most CEOs have done far worse things than Kevin Mitnick on their back stabbing drives for power. Unfortunately, there is a gentleman's agreement on being caught, tried and convicted.
Hiring a felon might get people looking closer at what companies actually do, and how the insiders funnel off profits. It would be far too risky to hire the man.
Dupe Dupe Dupe
Dupe of Earl
Dupe Dupe
Dupe of Earl
Dupe Dupe
Dupe of Earl
Dupe Dupe
whe-en I-eee waaaalk though this world
nothin can stop me, I'm the Dupe
I walk free-eely in my Dupedom
Cause nothin' can stop me, I'm the dupe of earl.
Maybe it's not a dupe, maybe it's a Poll Collision?
Personally, I like dupes... things should be considered more than once. Two closely spaced conversation reveal another dimension, the dimension of time, the fluctuflowations of the think.
But then, that's because,
I'm the Dupe of Earl
And you-uuu will be the Duchess in my Dupedome,
And nothing will stop us, from duuupin' agaaaain.
Hiring a former cracker to secure your network could be an extremely valuable move. Why? Because they know the mindset and thought processes of one who is trying to compromise system security. This is not something that can be learned through college courses or workplace experience. Oh sure, you probably learn a lot with both of those, but it's always at least one step behind (you're only learning how to prevent those techniques, exploits, and patterns thereof that people have tried before). Former crackers can more easily step into an adversary's shoes, potentially giving their company valuable insight.
"Therefore, I say: Know your enemy and know yourself; in a hundred battles, you will never be defeated. When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal." -- Sun Tzu, The Art of War, Chapter 3
Besides, if a company's network were compromised mysteriously by someone on the inside, who do you think would immediately be the prime suspect? No reasonably intelligent former cracker would ever do such a stupid thing.
Furthermore, regarding your analogies:
I would hire a convicted embezzler to keep track of my savings account if it were in danger of being attacked by numerous embezzlers on a daily basis (much like how corporate networks are attacked by crackers). And, for the same reasons as above.
And your rapist analogy is quite off base seeing how, even if one's daughter were in danger of being attacked by numerous rapists on a daily basis, such an attack would be extremely easy to spot and would require absolutely no special skills to help prevent (other than, maybe, not being a quadriplegic mute). A sufficiently trained monkey could stop a rapist -- and a sufficiently trained monkey could probably be a rapist. =)
Why hire a hacker when my employer already has one working for them, they just don't know they do! heh
A lock-pick to help me get my keys out of my locked car. If he's got the skill and I can supervise him, great.
I sure do wish old ike was here :-(
I'll second the Mitnick bit. I can't figure out why people are so interested in Mitnick. He's a not particularly technically talented person, and he was dumb enough to persistently go after the wrong people and get caught.
May we never see th
If you (or your workplace) has a technically competent IT department, there is a good chance you already have hired hackers. If you also have a technically competent Infosec department, there's an even better chance. The only difference we're now hashing out is whether you wish to limit yourself to those who were either smart enough, or lucky enough, to never have gotten caught.
The important issue is not a criminal "hacker" record, but rather the abilities of the individual in question. If they are able to bring a particular skill-set to the table and perform to expectations, then they make a good employee.
The recent demonizing of "hackers" seems to have little to do with ability or morality. Such laws and legal actions seem to have more to do with publicity. A lawmaker or prosecuting attorney's career should have little to do with your hiring process.
There are exceptions. If the individual in question committed embezzlement, then they have demonstrated a willingness to victimize their employer (to say the least). Such an individual would be a risk - but then, that has little to do with a "hacking" conviction.
The other extreme is seeking to hire those with criminal convictions. This is perhaps a better example of "reward[ing] people who break laws." A computer crime conviction does little to prove one's skill-set. Again - it proves one was either stupid or unlucky. Or upset the wrong people. It doesn't prove that one would be able to deliver as a consultant or IT team member.
One final note - the old days of hacking seem to be passing. Hacking, no matter your definition, has always been about learning a system. Back in the old days, the only way one could gain more time/access to a system was to learn how to manipulate the system and provide it oneself. Without permission, if need be.
These days, one can create a functionally similar environment to most of what one would find in corporate and Government networks at home using cheap, old hardware and free software. The need... and the excuse... to attack remote systems to gain the access needed to learn is fast fading. Of course, that doesn't take into account proprietary hardware and software. But then it becomes a question of the risk of being caught versus the lure of such systems. But then - if you learn enough and build a career, you'll get access to those systems legally.
1. Believe in People.
2. ?????
3. Profit!!!
In Soviet Russia, Slashdot dupes YOU!
I disagree in the bounds of your philosophy, because it is the negative energy in this world that highlights the positive energy that counterbalances the environment. In a world of computer security, Kevin Mitnick is a mere pawn. Kevin has been there, he has wandered around the 'negative' side of computer security. Reluctantly, I confess much of modern security is attributed to the 'negative' side of science. It's the ever-so-encroachments on our communication that provides jobs to make the communication more secure. Kevin is just a man, a nice man that has been slandered. Kevin didn't kill anyone, his interest in computer security and curiousness of the world around him was channeled in a way to take advantage of his resources. Who wouldn't want to travel around the world networks in a day? If I knew half of what Kevin knows, I would do what he did in a heartbeat, but that wasn't enough, or perhaps even Kevin didn't care about concealing his attempts; he was caught and his sin compared equal to an armed bank robber using a battering ram to steal the hard-earned gold of an orphanage.
Look at Kevin, learning from himself, he has invested in him the philosophy of computing security that none of the conspirators or critics against him could muster. Do you trust someone else with your security, that always plays catch-up to the crackers that have not been caught? In a past slashdot article (maybe this story is its dupe), Hewlett-Packard's representative and Kevin Mitnick's DOJ prosecutor debated (slandered) Kevin saying they know all about security and all Kevin is capable of doing is being a criminal. In the rhetoric of the Fox guarding a henhouse, this is absolutely sidewise. Kevin is just a mere wolf, captured by the farmer and turned into a sheep-herding dog. Enough with the comparisons, everyone in the security world is nowhere in sight of the skill Kevin Mitnick has attained. They're the ones that sit back in shock and awe with only an on-off switch to save their ass. Kevin has been there, and laughably his unlawful detention to a prison has not and will not impede his skill. Kevin is a master of security, he didn't go to college, that's where uneducated go to learn, when they aren't capable of becoming brilliant or ingenious on their own. Some of us are born knowing what we want to accomplish...Kevin is who you want to meet for the most secure data networks.
In the words of a fellow slashdotter in a previous article, this post pretty much sums what Kevin Mitnick should be treated as by everyone. Kevin Mitnick, what a name, what a man. In a world of curiosity, you can be enslaved for someone else's lack of passion in their job. Kevin Mitnick is waiting to be hired, The Counselor on Computer Security. This is an enterprising man that is being held hostage by people who think they are God, judging him perpetually. Above all, Kevin Mitnick is an American and I will die for his freedom because I know he would stand for my freedoms too. That is the hacker's ethic: Freedom!
The critical flaw in the thinking of establishment dweebs like Painter and Winkler is that they assume that security experts who are lawful are also skill- and knowledge-equivalent to a criminal or professional hacker, even a benign or hobby hacker.
... and I would bet my left testicle they would find this information in the writings or testimony of all types of hackers.
How do you know your code's broke unless you try to break it? Breaking software is a good way to test it -- since real-world operations are what the software will experience normally -- hence hacking systems is the capstone on the surety that your systems are secure. So, even if these so-called security experts do perform these tasks (i.e. hacking their own systems with permission), they must still come up with ways to assault systems
At the basis of knowledge and skill, knowing and doing are the same thing. Painter and Winkler types don't dare admit this even if they do understand it. They would be police admitting to the usefulness and need for criminals. I never expect to see that happen.
Mitnick is still in prison, but now his bars are made of philosophy.
[You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
I find it rather humorous that the DOJ says criminals are criminals, and ex-criminals should not be allowed to guard corporate interests, but the DOJ doesn't mind putting Poindexter (who was convicted, and then let off on a technicality, thus making him an ex-criminal) in charge of the largest database of personal records on the citizens the DOJ is supposed to be looking out for. Makes you kind of wonder about this government that's supposed to be by, of, and for the people.
For those who describe their systems as 'boxen', do you order multiple 'boxen' of corn flakes also?
Today we ask businessmen - should they hire a Journalist? Looks like people noticed that famous Journalist - Charles Manson - has very big experience in journalisting. He killed enough people to be famous and write interesting articles. Few other journalists said, that Charles is not really journalist, but criminal. We think they are just jealous that they are not so popular.
In fact, we were unable to find journalist who will see difference between hacker and cracker.
There is also another article about this topic. Also here is a direct link to a discussion as well. The article is mostly the same old thing but some of the comments are well thought out and argued *gasp* intelligently.
The UNITED STATES is a corporation. I found this slashdot post, and it contained this URL to a page on chansen.tzo.com. I'm sure, you're wondering where the hell all these pirates (UNITED STATES LLC) came from. Further perusing, apparently after the American Civil War (a) UNITED STATES corporation appeared in 1871. Here is the chansen.tzo.com URL for outlining some facts.
Scary shit, eh? And further investigation... During the American Civil War, something like 8,000 British troops were positioned on the Canadian border around the Great Lakes waiting as if to invade America (again), but President Lincoln asked the Czar of Russia to position something like 5,000 troops in the California territory (Republic) in anticipation of Britain's invasion. That's some scary shit. Look up the Common Law and especially do some research on the Uniform Commercial Code; that's what I discovered. Apparently, the UCC was used to enslave the states (yes, a state is a person offering a service; you and me according to Common Law). Yet, the UCC can be used to make you free.
I highly recommend the research. It all fits perfectly and I don't believe any shit without evidence, evidence, and evidence. Also, reading the Senate reports is where you get all your evidence. Apparently, the UNITED STATES LLC (the illegitimate sadistic private company) went bankrupt again recently in 1971 (IIRC?). I haven't stopped researching, and working by the County Clerk and private notary is what everyone is raving about. I think I'll try it, despite being shot at. LOL
Just don't. Hackers are unreformed anarchists with the desire to deface property and snoop on other people.
They are terrorists and a convicted 'hacker' should be sent to Guantanamo where they would rot away guarded by US government einsatz men.
from mister Painter. Boohoo Chris. Kevin is going to be worth more money than you will make the rest of your life in a few years. Not even a lame book deal will help you keep up.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
he numba 1 hack-crack bad boy!
he makee me spoogie!
numba 1 powah, numba 1!
I view this the same as any other situation that has come up over the years about hiring hackers. Most companies have no problem hiring hackers if there is not an available criminal record on you -- there are countless examples of this, by the so-called "we don't hire hacker" companies. They don't want a list of excuses why they can't hire the best person for the job. They need someone with experience, but where does that experience come from -- writing sort algorithms in a college CS class? Of course not. If there is no court document on you, then there is no problem -- everything else is he-said, she-said. Ira hires who he believes is fit for the job. This puts him legally in the clear and allows him to acquire the bodies to perform the job best. Ira doesn't need a witty comeback to Mitnick's half-cocked bullshit. Ira has continually viewed the hacking scene as "running scripts doesn't make you a hacker", and "the willingness to commit a criminal act doesn't make you a hacker, it makes you a criminal", so it's rather petty for him to need a witty comeback to Mitnick's crying game. I find Mitnick's attitude pretty shameful in a public forum. Whine whine call other people names -- real professional. I can't believe this portrayal happened at RSA -- I could believe it in other forums -- how disappointing.
any hacking is unethical. In his words, searching for open ports on a machine that isn't yours is like walking door-to-door in the neighborhood to see if one's unlocked. Do you trust someone that does that? Or how about if your door was unlocked is it ok if they start rummaging through your drawers?
a f- breakin-ethics.ps.Z
He also debunks the "skills" of hacking as mere hackery. A metaphor he uses for hacking in the physical world is pouring sugar in a gas tank. Can you learn to pour sugar in a gas tank? Unless you're retarded and can't use your hands (my words). Does that make you a mechanical engineer? You hire a guy with that resume to work on YOUR car then.
Saying a hacker is an expert on computer security is an insult to the profession.
Here's a link to one article "Are Computer Hacker Break-ins Ethical?" Which if you believe they aren't would mean hiring a hacker is hiring an unethical person. Which you can do, much like you can hire child molesters for a day care. It's just negligent and unethical on your part, too.
ftp://coast.cs.purdue.edu/pub/doc/law+ethics/Sp
If I could find somebody... They would first have to get rid of any I'm God, you're not behind a computer personality, and simply let me know what I need to do to secure my boxes and networks and they would get paid very well for their knowledge... seriously, if you are a hacker and you read this and are looking to make money, email me...
||| I still can't believe Parkay's not butter.
The worst thing is, I read it and thought for a moment that it said "Should you sire a Hacker?". That brought up some very disturbing images before I focussed my eyes...
anti-dupite Jerry!
I know you are psychotic, but please make an effort.
Hacker: My s00p3r 3l33t h4X0r 50lu710N w1ll 5yn3rg15e ur bu51n3s5 t0 500p3r 31337 5t4nd4rd5!!!
Suit: Er...what?
If you're happy and you know it read my blog
I see the editors learned ctrl-c, ctrl-v.
I won't get into the ethical arguments of hackers but will just say that I have seen a boat load of self taught security folk who basically just learned their trade from hacking websites and newsgroups. These guys run circles around the degreed "experts" consistently. That seems to be less a kudos for the hacker and merely a shame-on-you for modern schooling and the credentializing mentality of many organizations.
Your comment about unethical and negligent businesses (employers) is really the key issue here. Perhaps I have seen too many incompetents be placed into decision making positions but it just follows that such a stuffed suit will then not have the experience and mindset to filter out buzz compliant (and other superficial strategies) yuppies from ethical and dedicated professionals.
I am not a cracker, but I am the sort of person that could be a cracker, and my urge for such things is fully satisfied by honest programming.
The problem is--what if they were not cracking out of curiosity, but for profit? How do you know that in some fashion or another, they have more to gain by breaking your server wide open than they have in getting a paycheck?
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
Kevin is an incredibly resourceful person.
Many of us have hacked and did not get caught like him, but if any of us think we can stand the full force of the FBI and Tsutomu coming at us, then we have an ego problem.
Kevin should be hired, just as we are hired.
I didn't read the article (who does!?)
But... when I did my job interview I told my future boss that I was a hacker, not a programmer.
He knew the difference (and what a hacker really is) and said "Good, I need a hacker, not a programmer."
I took the job.
Unfortunately after he left the new management didn't know what the hell I did...
aarrgghhh.....
Do you people even read? the parent is basically saying "well corporate honchos are corrupt, so we'll add some more corrupt people" and expects that to be a logical statement.
The fact of the matter is there is a very SMALL number of highly corrupt, grossly overpaid executives that have achieved the highest positions in business. Let's face it, mom and pop or even your large-but-not-monolithic companies play by the rules and are downright ETHICAL. A few criminals overtaken by their own arrogance does not open the door to lowlife hackers. They are not related, nor is unethical behavior acceptable in any profession, much less one that involves individual and national security.
There are 6 billion other people in this world and I'll bet you $1 for each one there's probably someone that's just as capable, ethical, and available for the job.
We don't need to compromise.
You obviously know the editors[*] don't read their own site, so why would you expect them to read your comment associated with the article they seemingly don't care about?
[*] - this is aimed towards the editors who are notoriously bad for dupes; lumping them all into a category of 'indifferent editors' wouldn't be fair.
MOD PARENT UP
Get a life! lmao...
Hackers--sure, as long as they've grown out of their childish silliness. If you can think like a hacker, you're probably better at intercepting them than those who don't have experience at it.
Crackers--no. Once a thief, always a thief (or approach with such caution).
From New Architect's February issue. Also discusses so-called "ethical hacking services" that all the big data services players offer.
filmcritic.com - Movie reviews on Internet time
Hiring a hacker for security, isn't that a bit like putting a former DoubleClick exec in charge of privacy issues?
the next time you get a ticket, does that mean you should never be allowed to drive again?
I find it very odd that no one is looking at this from a social pov. The purpose of our prison system is to take a criminal, rehabilitate them, and send them back into the world. If everyone is opposed to criminals re-entering the "real world" and holding high paying jobs, then what does this say about our prison system? Are rehabilitated criminals not allowed to advance in a career that they choose?
Side Note:
Currently in a small Pennsylvania city, the police are going to inmates to learn how criminals do their crimes, and the steps they take to not get caught.
although some economical grounds could seem in the message, the point is about a trust to person who's ever been out the law. the trust is a key word.
// crackers as well, 'exceptions' with a lot of damage ;0 // are always forgiven. i wish there couldn't be such a cognition within new generation of hackers.
i think hacking is a social force that may be used inappropriately. it could be incorporated as a function or be just malfunction. this is quite crucial along with the hacking is based on a knowledge and its application, right or wrong.
whatever, it's worth giving the chance to start new life and put it at the communities consideration as a normal pattern. [like be a specialist in it-security, be right be good, it's a good way to help and pay your meals on that, etc.]
exactly i wouldn't like kiddies to think that talents
Breaking into a computer is easy, Winkler continued. Closing up security holes is the more difficult task -- a skill most hackers lack, he argued.
Winkler obviously has no clue how the entire software industry works. The absolutely most difficult part about working with bugs and security holes is FINDING THEM!!! That's the skill hackers and crackers have. Once you find the problem, and you can easily replicate it, fixing it is pretty damn easy.
What's more, it's not the security expert's job to fix the bug, it's his job to inform the developer that one exists and it's the developer's job to fix it.
It's idiotic comments like this that make a person like me, who is not necessarily a supporter or denouncer of Mitnick, think that they are just out to persecute him out of fear.
"All great wisdom is contained in .signature files"
How could you trust him? Being able to trust a prospective employee is key. If I got the feeling I couldn't trust someone, I wouldn't hire him. KM is a little too sketchy for me.
If I knew him, and found him to be trustworthy, that would be a different story.
Unfortunately, all I know for sure about him is that he hacked and social engineered himself into a lot of systems and did some time for it.
While the charges may have been trumped up to guarantee a conviction and jail time, fact is, he still cracked systems, and most dangerously, successfully socially engineered illegal access many times. He said himself that most of the time he was able to persuade people to give him what he needed, and did very little actual hacking.
Do you want him calling your help desk? All he has to do is go into a director's office when they aren't there, call help desk and get "his" password reset.
C'mon....
The facts are this, no company can afford to pay someone to 100% lockdown everything nor could they function with everything 100% locked down. There will be things that the security expert will say you should do but you won't want done for either cost or convenience. With the wrong person this can hurt you in two ways.
1) The hacker gets pissed that you didn't heed the warning (and pay his fee) and will keep the info around for later or trade it with other black hats.
2) The hacker will be in a group of their hacker friends and while just shooting the shit will talk about this "stupid client" they had that didn't want such and such locked down. They won't give a name, but their friends know a lot of the places they worked at recently, or after enough beers someone can say so what clients have you had and get the list out of them.
The difference between the first and the second is malicious intent, but they both can have the same effect on you: people who wouldn't have been able to find an Achilles heel in your security now have access to that information.
How do I know this can happen? I've been at meetings where people have done the above (the second is much more common than the first, tho).
So, just be careful. A black hat is still a black hat. I believe in reform (having worn a black hat as a teen), so it could be okay to hire someone who has given it up, but it is still a risk. The benefit is, IMO, people who have tried to exploit security vulnerabilities both have a generally better idea of how security works and know the places to get exploit information.
-no broken link
Didn't anybody else notice a similarity between the movie Catch Me If You Can with Tom Hanks and the story Takedown? Alright, Kevin probably never got any chicks or much in the way of money, but the idea is still the same, where you can be too high profile and experienced to ever start being a criminal ever again, so you might as well start becoming good at helping catch the bad guys. There is probably just as much personal satisfaction out of catching thieves as there is being one. The only difference I think is that you get patted on the back for catching a guy but not for being caught.
- Kill Yourself, spare us all! -
No trolling, just my thoughts.
So KM was stupid enough to get caught, unlike many white hatters. Most of what he did falls into the button pushing category, rather than the illicit profit & malicious damage category. And as history has shown over & over, prosecutors really like to stack up the charges and inflate the cost of any estimated damages - especially when there's a cracker involved in a high profile exploit. Hell, I don't think the damage Mitnick inflicted even begins to approach that of the average virus distributor. And it certainly doesn't fall into the scum sucking Ken Lay, Scott Sullivan (and other executive practitioners of corporate malfeasance fraud) that seem as common as everyday breaches of our constitutional rights. Yet these are the people that society likes to hold up as pillars of their communities, and respected businessmen... of course until they get caught screwing the retirement fund pooch. Then all of a sudden (or for at least 2 weeks anyway) everybody's focused on the problem, until the next ET cover story on who's screwing who in la la land.
Mitnick's already served more than anyone's reasonable assessment of a fair penance for his transgressions (has everyone forgotten the manner in which he was illegally held for years before being sentenced?). If he is sincere about reforming and can truly prove it given a fair chance, WHY NOT consider allowing him to earn a living at what he is best at? Seems to me that time & time again, society refuses to recognize that a person who breaks the law, gets caught, is sentenced by the court, and then serves their time, has to be given an opportunity to build a new life by demonstrating that they have learned something positive from being imprisoned. Look, I ain't no bleeding heart. Pedophiles, true sex offenders, and sociopathic killers do not qualify in any way, ever, for a second chance. But by refusing to differentiate between shades of gray when being judgemental, isn't society making it all the more probable that people cannot earn a respectful living using the skills they already possess (and I don't mean to include safe cracking, counterfeiting, etc)? If they can't make ends meet eventually, they may be overly tempted at some point to use their experience to again break the law... except this time in a more competent and disingenuous manner? The classic progression of a hardened criminal.
And hey - if he screws up a second chance, we can always just take him out back and shoot him. Probably be legal by then anyway.
A quick search on google, for some background:
http://www.google.com/search?q=misuse+of+term+hac
Imagine how angry a Muslim would be at an article titled "Should You Hire a Muslim?"--the author going by the assumption that all Muslims are terrorists. If you're a Muslim living in the US post 9/11, or if you have Muslim friends in a similar situation, you'll understand what I mean.
Just as all Muslims are not terrorists (it's a real, real shame we have to explain this to some over-patriotic jerk in the US), all hackers are not social outlaws who break into systems to steal private data or cripple the system. A good hacker is capable of such stuff, and some hackers do, but the vast majority don't!
Kevin Mitnick *might* be a hacker--I don't know, I don't care. Even if he is a hacker, he's also a guy, white, American, etc. and his name begins with 'K'. Is it fair to say that all white American guys whose names begin with 'K' are criminals?
A hacker is only as likely to be a lawbreaker as, say, a carpenter, doctor, sportsperson, soldier, musician, lawyer (yes!) or even policeman.
Why hire convicted crackers?
They proved to the world that they lack skills by getting caught. Of course my preference goes to people who know what they are talking about whether or not they got convicted.
There are a _lot_ of unconvicted hackers/crackers who don't make the headlines by being stupid and getting caught. These people are much better for your company long term..
If the person shows good solid evidence of being reformed, I don't see what the problem is. If they got caught once, they certainly no longer feel invincible. They know the consequences and the ease of getting caught more than Joe Random.
With slightly different role models and peer pressure in jr. high/early high school, I could definitely see myself getting into lots of mischief just for the curiosity of the thing. I think any reasonably intelligent and curious youth could have found him/herself in Mitnick's shoes. It's easy to screw up at an early age and keep in old patterns. Few people self-reform.
If you personally don't want to take a chance on a one-time convict, don't prevent others from taking the chance.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
Calling him a criminal is giving him too much credit. No, Kevin is just a dumbass. He doesn't know anything. How could he, he's been in prison longer than he's been hacking.
Aside from that making any sort of behavioral judgment based around Mitnick is asinine.
When was this guy saying Kevin is a fscking hero?
Good God, man! RTFA! The Hewlett Packard Rep and the DOJ fucktard are castrating a real concept of security and jizzing all over a true Security Expert named Kevin Mitnick!
Their concept of security is Social Security Numbers, Credit Card Numbers, birthdays, mother's maiden name, and God knows what the fuck else they really want to conceal in Palladium!
Get off the rags and smell the bloodshed!
Some of us never did (and I'm glad for that)! :^)
But how good could he actually be, given that fact!
A radical union activist is someone who would eventually like to see the means of production, that is, all capital, collectively owned by the people who work with it (not by the people who don't work and take wealth from the people who work with capital). A hacker is similar - they are people who seize the means of production for their own uses, without the permission of the owners of capital. So would a manager hire a hacker if aware of that fact? Usually not, it would be against their function to. Nonetheless, I am well aware of many hackers or ex-hackers, and radical union activists being employed by corporations. They just keep their activities which clash with the desires of the owners close to their chest, as during this period of history, it is the idle classes who have the power in this society.
How is having troops in California gonna help prevent an invasion a couple thousand miles away??
Trespassing, like speeding, is a minor crime in the grand scheme of things. But that's what Kevin did and he spent 5 years in jail for it...that's what's "extreme".
according to YRO (http://yro.slashdot.org/article.pl?sid=03/04/16/1844222) a doubleclick CEO was hired by the dept. of homeland security to be a privacy czar. where's the difference?
or dick cheney & gw bush establishing the energy policy (& other policies) of the US in the interest of US citizens...
"One of the symptoms of an approaching nervous breakdown is the belief that one's work is terribly important." -BRussell