Re: Don't hire DefCon hackers

[cult hero <jericho () ATTRITION ORG>]

> http://www.globetechnology.com/archive/gam/News/20000808/ROUTS.html
>
> VICTOR KEONG

Oh, just a simple journalist....  no, reading down we see that Victor
works at one of the Big 5 auditing firms, each of which have an interest
in the security consulting arena.

> From all over the world, they make the annual pilgrimage to Las Vegas.
> They have names such as Mudge, Null and Dark Tangent. Tattooed,

They also have regular names such as George Kurtz, Marcus Ranum, and Ron
Gula. Dressed casual, on corporate budget, and ready to brag.

> They are, by far, the smartest group of misfits you will ever
> encounter. Some of them have IQs that can boil water, others have
> technical and programming skills that can put almost any system
> administrator to shame, and if you run a computer network, they can be
> your worst nightmare. Welcome to DefCon 8.0.

Wow, it sounds like this Victor guy was actually there. But hey, its ok if
HE is there. He is certainly different than these 'misfits' and remains
the 'good guy'.

> The most unconventional of conventions, DefCon 8.0 was the annual
> meeting ground for dozens of the computer underground's most elite and
> notorious hackers. Driven by a belief that information should be

Dozens? With an attendance of ~ 5800...

> freely available to all, they spend their time creating devious and
> elegant methods of cracking computer security. Any barrier to the free

Also driven by a belief that a system may feasibly be created to repel all
attacks. Thus firewall vendors, IDS creators, and OS developers like Theo
De'Raddt showed up.

> access of information is a challenge. And they take the challenge
> seriously. As in previous DefCon gatherings, the hacking community
> flushed out significant system vulnerabilities and exploit methods.

Something the big 5 rarely do. But hey, they're the good guys!

> Often, such disclosures give not-so-skilled malicious attackers (dubbed
> "script kiddies") point-and-click tools that they can use to easily take
> down Web sites.

They also give every penetration/assessment team around the world
point-and-click tools so that they can easily audit client networks,
reaping huge profit at the expense of the hacker's free time.

> Fortunately, testing for security vulnerabilities isn't limited to the
> black leather-wearing crowd with The Matrix-inspired nicknames. There
> are safer, mainstream alternatives. A continuing, qualified security
> advisory service is what corporations should look for from consulting
> firms. Dedicated technical resources will focus on identifying and
> qualifying serious, relevant network vulnerabilities as opposed to
> hacker-driven noise.

And where exactly does this "uber good, white shirt wearing, clean cut
corporate firm" get their advisory information? From the black shirt
wearing scum at defcon. It is thoroughly amazing how the Big 5 will step
on the little people as they climb the profit ladder.

> Keeping up with the best of the computer underground may not require a
> visit to the tattoo artist just yet.
>
> Victor Keong is a senior manager in the secure e-business group at
> Deloitte & Touche, and is the firm's global leader for network attack
> and penetration services.

Translated: "this was a sales pitch! we must take steam away from those
evil black shirt wearing scum in the desert! people aren't paying
attention to the Big 5 audting firms! our profits are dipping, oh no!"

FUD.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".