[iwar] Historical posting
From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com
Mon, Jan 1, 1999
fc Mon Jan 1, 1999
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700
To: iwar@onelist.com
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Mon, Jan 1, 1999
From: Fred Cohen
Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting
I read Ira's column on ZDTV, and was very encouraged by his remarks. I
agree with his taking 20/20 to task over the type of story they ran. It is
just a shame that ARC's Security Manager (one must seriously question that
individual's title in this case) had so little courage, or perhaps such
great self-interest, to act as irresponsibly as he did.
Over the months and years I have read the occasional print article about how
companies seeking to bolster their InfoSec staff have hired, or at least
considered hiring former hackers to fill certain gaps. Such a practice is
worrisome in the extreme, especially when one considers just how little the
erstwhile employer understands the psychology of such a person. Those
considering hiring such types would do well to read Gordon Meyer's thesis on
"The Social Organisation of the Computer Underground". Though a bit dated
(1989), this study's assessment of the mind-set of hackers and their ilk is
still accurate.
I believe this epitomises inviting disaster in by the front door. Any
person bent on extortion (even if it occurs by accident, as it did in the
case of ARC) will continue to pursue it. Each success will only encourage
additional attempts. By exercising such poor judgement, the ARC Manager
provided such encouragement. And while I may understand his concern (about
incurring additional wrath from Global Hell), I think the consequences he
and ARC did suffer - and may yet have waiting for them - are far worse.
I think employers who would consider hiring hackers and others that threaten
them should take careful note of this story. Stupidity is often its own
reward.
Ross A. Leo, CISSP, CBCP
Swedish military to prepare for high-tech warfare
The Swedish government plans to train special
information technology soldiers to protect the
nation's military computer systems from hackers,
a newspaper reported Monday. The government has
issued a directive to the armed forces to train
``IT soldiers'' to be able to destroy hostile
systems as well as protect Swedish computer
systems, according to the daily Svenska Dagbladet.
http://www.sjmercury.com/svtech/news/breaking/merc/docs/008563.htm
How to Get a Job in Computer Security
ABC's report on hackers just encouraged illegal
intrusions into computer networks.
The two questions I'm asked most frequently by readers
are "How do I hack computers?" and "How do I get a job
in security?" About eighteen months ago, I started a
series of columns on how to hack computers. Since real
hackers want to learn about computers on their own, the
columns were focused on providing assignments for
readers to complete on their own. Each column outlined
a computer principle, with little guidance.
http://www.zdnet.com/zdtv/cybercrime/spyfiles/story/0,3700,2413045,00.html
FC
--
------------------
http://all.net/
========================================================================
To UNSUBSCRIBE from this community, send an email to:
iwar-unsubscribe@onelist.com
and reply to the confirmation email we send you.
========================================================================