Defense Department Eyes Hacker Con For New Recruits

alphadogg writes "The US Air Force has found an unlikely source of new recruits: the yearly Defcon hacking conference, which has been running since Thursday in Las Vegas. Col. Michael Convertino came to Defcon for the first time last year, and after finding about 60 good candidates for both enlisted and civilian positions, decided to come back again. Federal agencies have only recently begun embracing the hacker crowd. When US Department of Defense director of futures exploration Jim Christy hosted his first Defcon 'Meet the Fed' panel in 1999, he was one of two people onstage. At this week's Defcon, there may be several thousand federal employees in attendance, he said."

Isn't this an obvious way to recruit

[ta+bu+shi+da+yu]

Seriously, these events attract at lot of smart, independent thinking people who love technology. What better place to recruit people? If it works at Universities, then it probably works better at DefCon.

I guess they were worried about the "independent thinking" before...

Re:Isn't this an obvious way to recruit

[russotto]

Seriously, these events attract at lot of smart, independent thinking people who love technology. What better place to recruit people?

Emphasis mine. Civilian positions are one thing, but it seems to me if you put a smart and independent thinking person through the military's recruit-crusher, you're either going to get a non-independent-thinking person, a smart and independent thinking person who has been faking non-independent thinking and hates the military for it, or a corpse.

Hackers & discipline... probably not the best combination ever.

This years Defcon: Not good

[thenextstevejobs]

I drove all the way down to Vegas from SF Thursday, and by Friday evening I was ready to get out of there. I went to a few panels and was thoroughly underwhelmed. It was crowded, not exciting. Several people walked out of talks. I overheard some other people say "maybe tomorrow will be better". Well, I don't know because I sold my badge and bailed early.

Not to say that there couldn't have been some good smart people to hire there. But after the level of disappointingness Defcon had to offer, I'm no longer impressed. The atmosphere definitely did not inspire me to want to hire anybody.

Security is very discouraging.

[Animats]

Security is very discouraging. I was in the field a long time ago and got fed up. It's just hopeless. The same problems come up over and over.

• Microsoft has the mindset that anything executable that comes near their operating system should immediately be executed. CDs and DVDs autorun. USB devices autorun. Active-X controls autorun. Universal Plug and Play stuff autoruns. Yes, they now have some "security controls" on this, which sometimes actually work.
• Remote update. Not only is patch downloading a lousy way to prevent security problems, the download process itself introduces a huge backdoor. With every two-bit application now supporting remote update, it's easy to find an attack vector.
• Overly powerful "install" mechanisms. Apple had it approximately right in the original MacOS; an application was one file with a resource fork. Delete one file and the app was gone. Now, installers expect to run with administrator privileges and blither all over the machine.
• Crappy security models. We know what works - mandatory security with integrity levels. The trouble is that most apps whine when made to work under those restrictions.
• Thirty years of buffer overflows. The fundamental problem is that the C and C++ concept of arrays is broken. The language has no idea how big an array is. That's defective by design. The C++ crowd tries to paper over the problem with templates, but the mold always comes through the wallpaper. Most of the newer languages come with a gonzo interpretive system underneath, which makes them slow, overly complex, or both.

That's just part of the list. I don't see a determined effort to fix the underlying problems. Given that, it's hopeless.