Information Security News mailing list archives
Re: Don't hire DefCon hackers
From: cult hero <jericho () ATTRITION ORG>
Date: Tue, 8 Aug 2000 04:20:27 -0600
http://www.globetechnology.com/archive/gam/News/20000808/ROUTS.html
VICTOR KEONG
Oh, just a simple journalist.... no, reading down we see that Victor works at one of the Big 5 auditing firms, each of which has an interest in the security consulting arena.
From all over the world, they make the annual pilgrimage to Las Vegas. They have names such as Mudge, Null and Dark Tangent. Tattooed,
They also have regular names such as George Kurtz, Marcus Ranum, and Ron Gula. Dressed casual, on corporate budget, and ready to brag.
They are, by far, the smartest group of misfits you will ever encounter. Some of them have IQs that can boil water, others have technical and programming skills that can put almost any system administrator to shame, and if you run a computer network, they can be your worst nightmare. Welcome to DefCon 8.0.
Wow, it sounds like this Victor guy was actually there. But hey, it's ok if HE is there. He is certainly different than these 'misfits' and remains the 'good guy'.
The most unconventional of conventions, DefCon 8.0 was the annual meeting ground for dozens of the computer underground's most elite and notorious hackers. Driven by a belief that information should be
Dozens? With an attendance of ~ 5800...
freely available to all, they spend their time creating devious and elegant methods of cracking computer security. Any barrier to the free
Also driven by a belief that a system may feasibly be created to repel all attacks. Thus firewall vendors, IDS creators, and OS developers like Theo de Raadt showed up.
access of information is a challenge. And they take the challenge seriously. As in previous DefCon gatherings, the hacking community flushed out significant system vulnerabilities and exploit methods.
Something the big 5 rarely do. But hey, they're the good guys!
Often, such disclosures give not-so-skilled malicious attackers (dubbed "script kiddies") point-and-click tools that they can use to easily take down Web sites.
They also give every penetration/assessment team around the world point-and-click tools so that they can easily audit client networks, reaping huge profit at the expense of the hacker's free time.
Fortunately, testing for security vulnerabilities isn't limited to the black leather-wearing crowd with The Matrix-inspired nicknames. There are safer, mainstream alternatives. A continuing, qualified security advisory service is what corporations should look for from consulting firms. Dedicated technical resources will focus on identifying and qualifying serious, relevant network vulnerabilities as opposed to hacker-driven noise.
And where exactly does this "uber good, white shirt wearing, clean cut corporate firm" get their advisory information? From the black shirt wearing scum at defcon. It is thoroughly amazing how the Big 5 will step on the little people as they climb the profit ladder.
Keeping up with the best of the computer underground may not require a visit to the tattoo artist just yet. Victor Keong is a senior manager in the secure e-business group at Deloitte & Touche, and is the firm's global leader for network attack and penetration services.
Translated: "this was a sales pitch! we must take steam away from those evil black shirt wearing scum in the desert! people aren't paying attention to the Big 5 auditing firms! our profits are dipping, oh no!" FUD.