Daemons on the Net

[William Knowles <wk () C4I ORG>]

*********************************************************************
Daemons on the Net
By Carole Fennelly

I was at a conference recently talking with the CEO of a computer
security company who emphatically stated "We don't hire hackers."
Curious, I asked if she meant that her company doesn't hire people
with criminal records. She clarified "We don't hire people who attend
DefCon, have online handles or who participate in hacker forums. Or
who hang around with hackers". In other words, they don't hire people
who don't conform to mainstream. I wonder how they determine who
associates with "undesirables"?

Is that perhaps why the term "hacker" is so controversial? Because
hackers don't conform? The U.S. Founding Fathers didn't conform
either.

Down through the ages, any group that didn't conform to mainstream
society was subject to various forms of persecution. The Inquisition,
the Salem Witch Trials and, more recently, McCarthyism
(http://www.hashomer.org/McCarthy.html).

It's rather ironic that the United States, which was founded on the
principles of accepting diversity supported this modern version of a
witch hunt. It's easy to look back on those days of investigating
"subversives" as a black spot in democracy that we have thankfully
learned a lesson from.

Have we? The June issue of Vanity Fair
http://www.pub-serv.com/surveys/vf/june2000/toc.asp?EMAIL= has an
article by Bryan Burrough titled "Invisible Enemies". According to the
editor, this is supposed to be an article detailing "high-tech
procedural detective work".

In reality, it is nothing more than a sensationalist "good vs evil"
script more suitable for the cheap stereotyping found in TV movies.

Perhaps that is what Burrough was looking for anyway. Who cares about
the facts? After all, this is Vanity Fair - entertainment, not real
news.

I care. I care because I work in an industry where I have to deal with
the consequences of this stereotyping. Burrough picked up on the
squeaky-clean image of JP Vranesevich (founder of AntiOnline) and cast
him as the Hero of this little melodrama. It doesn't matter that JP is
nothing more than a paid snitch with limited technical ability, he
looks "wholesome". He fits the part of upstanding American Youth.

Burrough chose JP's harshest critic, Brian Martin (founder of
Attrition.org) to play the Villain. After all, Brian looks like he
just stepped off the set of The Crow and hangs around with
"subversives". It doesn't matter that he is a six year veteran of the
professional security field and has the respect of law enforcement and
journalists.  He looks dangerous. He fits the part of the "Evil
Hax0r".

I won't get into the specifics of everything that's wrong with this
10000 word article (starting with the fact that it is 10000 words too
long). Brian posted a rebuttal on the Attrition site that addresses
some of the issues: http://www.attrition.org/errata/www/vf1/

"But", a techie might argue, "What do I care? I just want to know
about the latest product releases and bugs. I don't care about that
other stuff".

Well, upper management does and, like it or not, they set the policy
that governs how the techies play with the bits and bytes. Do you
really want your management to decide what nightclubs are acceptable
for their employees and who they may associate with?

"Oh, that'll never happen", you might say. Yeah. And we didn't think
McCarthyism could happen here either. McCarthyism isn't dead - it's
just found a new target.


About the author
----------------
Carole Fennelly is a partner in Wizard's Keys Corporation, a company
specializing in computer security consulting. She has been a Unix
system administrator for almost 20 years on various platforms, and
provides security consultation to several financial institutions in
the New York City area. She is also a regular columnist for SunWorld
(http://www.sunworld.com). Visit her site (http://www.wkeys.com/) or
reach her at carole.fennelly () sunworld com


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".