hiring hackers


this was on slashdot today, i'm just curious what everyone's take on this is. personally, i feel the best way to lock down my own systems and other systems i may be employed to secure is by learning how they are vulnerable and trying it myself, a lot of this i can replicate at home without screwing with someone else's shit. I guess I have a complex definition of right and wrong, it's black and white for me but there are about a million caveats in my thinking.

Should corporations hire known hackers with criminal records to test and secure their networks?

The question, posed to four panelists at the RSA Security Conference held at the Moscone Center today, pitted hacker Kevin Mitnick against Christopher Painter, who prosecuted Mitnick in 1995.
I think it's the only way to do it. The hacker's mind is different from the security person's mind. If you want to really test your network, you can't do it from within the firewall.
The issue is that it encourages illegal hacking as a "résumé stuffer". It's a tougher question than it appears.

Personally, I think any job which requires experience in illegal activities is probably not a good idea.
a small and ironic story....

A while ago a big company hired one of the best hackers in the world (i think he was from Holland), anyway, the company wanted to test its security system and they dared the hacker to hack it.

After a while, he gained all the privileges on the system, but he didn't hack into it. His employer was really surprised with this guy's job, so he proceeded to ask him how he did it, and he said:

"i know i could have hacked into your system, but it would have taken me a while, plus it is far easier to score with the chairman's secretary (assistant??) to get his passwords"

moral of the story, it doesn't matter how secure your system is, there's always a big security flaw when it comes to people.
I went to a systems security congress, seriously, the biggest flaw is the people, it doesn't matter if you force them to change their passwords periodically if they are going to write it on a Post-it next to the monitor.

There are many approaches to reduce the risk, but it will be there......always.
I just cleaned a computer I got today that had the user's password written in big red letters on the front of it. We really need to start hiring more intelligent people.
HomeLAN said:
Personally, I think any job which requires experience in illegal activities is probably not a good idea.

Good point, but how can you do it then? The hackers of the world think different. They don't look at the ports you think you should, they look at the ports that you don't even know are there, or find other ways in that you just wouldn't even think possible. It takes a criminal mind to find criminals. It's the same reason some of the best detectives out there were not so good people when they were young, but the higher-ups know that, and that's why they get the jobs, they can think like the criminals.

greenfreak said:
I just cleaned a computer I got today that had the user's password written in big red letters on the front of it. We really need to start hiring more intelligent people.

It's like that where I work too. Apparently it's just too damn hard to remember 6 numbers or letters.
Passwords are just a bitch period. I've never written them down but at any given time i have to remember about fifteen of them for 100 different websites. For this reason i rarely use random characters but i do have the tendency to make up my own words for instance 'hackertrap' was one i used for some time. With that one i figured it might deter 1/100 crackers who might be stupid enough to break into one of my worthless accounts. Also i just tend to limit any online activity that could come back to haunt me. Any online money sites i use always have random passwords but i also always forget the damn passwords.
It reminds me of the radar vs. radar detectors syndrome. The same companies made both. They would sell us the latest in detection and then sell the police a 'new' radar that was undetectable. Hackers probably do the same. I also suspect many viruses come from anti-virus software makers...Just to keep you updating...
Squiggy said:
I also suspect many viruses come from anti-virus software makers...Just to keep you updating...

That's a suspicion I've had for years too. Who better to write them than them? Especially with the wave of non-harmful but annoying viruses that came around a couple years back.
Well...i don't think that they make 'em, that would be enough to send any business down the drain. However, have you ever noticed that Microsoft makes just about every piece of software in the world but Antivirus? The truth is viruses are good for their business.
HeXp£Øi± said:
However, have you ever noticed that Microsoft makes just about every piece of software in the world but Antivirus? The truth is viruses are good for their business.
I don't understand why viruses would be good for M$ other than them being the hero when they get called on to fix the mess they allowed to slip by in the first place.
Luis G said:
a small and ironic story....
"i know i could have hacked into your system, but it would have taken me a while, plus it is far easier to score with the chairman's secretary (assistant??) to get his passwords"

Sooooo....if I score with the chairman's daughter, I too can be a hacker? Wow, this is easier than I thought!
