Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Hackers Interviewed

Posted by Zonk on from the learning-from-the-blue-hats dept.

An anonymous reader writes "SecurityFocus has published an interview with Dan Kaminsky. He was guest-hacker at Microsoft Blue-Hat event. At the same time, Whitedust is running an interview with Richard Thieme from back in April. Richard is best known for his column 'Islands in the Clickstream' which is syndicated in over 60 countries." Thieme also wrote a column or two for Slashdot back in the day. From the Kaminsky interview: "Corporations are not monolithic -- there is no hive mind that can one day change every opinion towards some sort of 'rightthink'. Microsoft has said the right things about security for years, but then, who hasn't? Security requires more than PR, or even proclamations from C-levels."

2 of 57 comments (clear)

  1. "Blue hat" hackers by tpgp · · Score: 5, Funny

    Note to Microsoft

    We have more then enough hat colours as things stand.

    Blue Hat hacker sounds like an IBM employee anyway (or an Anti-Fedora agent?)

    --
    My pics.
  2. Just like Customer Service by WebHostingGuy · · Score: 5, Interesting

    Duh.

    Security is a neat buzz word lately. We all "need" to do security, blah, blah, blah.

    Security is just like customer service. In order for it to be effective you have to ingrain it in a culture which places it as a top priority. It's obvious that most developers and corporations think of this as an after thought.

    Okay, we need functionality x and y. Great, now that we have it ... oh yeah, put a firewall in front of it. What, we were hacked? We had a firewall ...

    Just reading the article it shows that the developers were surprised someone can reverse engineer their code; they were "annoyed" someone created a graphical exploit. Annoyed? How about pissed? What about "motivated" to plug the hole. Obviously we weren't there to hear this first hand but it sounds like just an oh well we should do something about this. The article talks about a priority shift. Just another corporate slogan.

    If it was a true culture shift you would see something like: x company has announced the hiring of 1,000 new software programmers to create a new division of security. This new division will audit all code for potential security problems before any new programs are released.

    --
    Quality Hosting e3 Servers