Re: Indian hacker turns cyber cop

[InfoSec News <isn () c4i org>]

Forwarded from: Richard Forno <rforno () infowarrior org>
Cc: akindofmagick () earthlink net

So what if this kid wrote a book that was picked up by a major
publishing house? Booksmarts and academic knowledge are NO substitute
for wisdom gained through experience and time.

As Ferrel said earlier, this kid's precocious and has a few things
going for him. If he was common-sense smart (not just book smart) he'd
finish formal schooling and get a job somewhere with his 'hobby' of
security research on the side. If he plays his cards right, he'll have
a very enjoyable career once he isn't perceived as 'just another kid'
that got a lucky break or two.

That being said - and I've not checked his book out or anything - I
wish him well.....I've encountered many teenagers that I'd trust in
positions of responsibility, but only after they've 'done their time'
in school and have a real-world appreciation of the workplace and
corporate environments.

The foreign national / IT security issue is a years-old one going back
to the hysteria before Y2K....do we allow someone that's untrusted,
uncleared, and from a foreign land have access to our electronic crown
jewels?

> From a security perspective, If any entity of the USG is so desparate
that it hires a security consultant that's still learning the ways of
the world, and does so from a foreign country - especially in today's
alleged 'heightened security' environment, that does not speak well
for the judgement of that USG entity, and probably goes against some
provision of one of the new anti-terror or security laws/regulations
that's out there, and the risks/costs outweigh the benefits.

True, a consultant may be cheaper, but if you continue sacrificing
security for convienience (or cost) we're never going to get out of
this security quagmire we're in.

I'm not against teenagers doing consulting, I just find this
particular situation a little strange as far as the USG is concerned,
assuming they actually hired this kid.

rf
infowarrior.org



> From: InfoSec News <isn () c4i org>
> Reply-To: InfoSec News <isn () c4i org>
> Date: Mon, 22 Apr 2002 04:03:15 -0500 (CDT)
> To: isn () attrition org
> Subject: RE: [ISN] Indian hacker turns cyber cop
>
> From: Sheri Moreau <akindofmagick () earthlink net>
>
> [Is the U.S. Govt that hard up for consultants that its hiring
> 16 year old former defacers to work as intelligence consultants
> in information security?  - WK]
>
> William,
>
> Not to pick any bones, but.. it's a lot cheaper to hire a consultant
> in India to work in India than it is to hire an American and get him
> to go live in India... it amazed me when I worked in Silicon Valley
> just how many companies are jobbing out work over there cuz it's so
> cheap (and soooo insecure!!). Without knowing any more than what the
> article said, this kid seems to have done one defacement two years ago
> (forgiveable for a 14 year old), admitted it concurrently with the
> defacement and suggested the defaced site improve their security, and
> then written a book that MACMILLAN for heaven's sake, saw fit to
> publish a year later.
>
> The un-named "US Government agency" he works for could be any civilian
> agency with a contract to the US government, ya know... the moniker is
> often a matter of semantics when it comes to the media. Could be
> Lockheed or Intel or anyone...




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.