[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F4B5B2F.1050203@dbsinet.com>
From: hmason at dbsinet.com (henry j. mason)
Subject: CERT Employee Gets Owned
i was going to reply off the list, to cut down the nonsense,
but i'm going to address the issue of morality and it's
relevance to computer security, and then i'm going to shut
up. and, for the record, i think the original post *was* OT.
pedophilia has NOTHING to do with security. it's a morality
issue... what if the person accused was guilty of fraud,
extortion, or tax evasion? we don't know if he was, but
would that put his past work under suspicion?
possibly.
the fact is, it's almost impossible to know if someone is
going to act in the best interests of others, which is what
is necessary for good computer security. in this case we have
a computer security professional whose responsibilites lay
mostly in communication with the industry, accused of attempting
to satisfy an apparent perversion - in a case that has very
strong overtones of entrapment.
i think the only thing that relates to computer security here
is the issue of trust. the JAP people broke the trust of their
user community by maintaining the appearance of complete
security when in fact that security had been compromised. the
CERT employee in question damaged the trust of his employer
(and apparently those in the security community who are more
concerned about his sexual preferences than his privacy) by
*attempting* to engage in a morally questionable act.
trust is VERY important to computer security. who can you trust?
the goverment? the police? the people on this mailing list?
trust is a complicated thing. i have a commitment to my clients
that requires me to act in their best interests and keep their
data secure. does this mean that my personal life is squeaky
clean? i don't think so. but i have a moral obligation to
ensure the safety and security of my clients, and i don't
confuse that with the morality of my personal life. am i a good
person? i'd like to think so, although any hardcore right-wing
christian would be terrified of my ideals.
the real question is: am i a good administrator?
henry
also: i'd *really* rather read about soap opera stuff on /.
Myers, Marvin wrote:
> As being one who was rightfully chastised by Kurt recently, I do believe
> that this could indeed have some relevance to the FD list. If by this
> mans actions, his past work could at all be suspect, then this is the
> proper venue to post it. If someone of his caliber, someone who should
> know the repercussions of any action taken using a computer as a tool,
> is used as an expert during trial, or their technical writings used as
> such, can we not realistically look at all of his past work as being
> suspect. If indeed he is a pedophile, he may have overlooked other
> pedophile activity in the course of his job. While I would never accuse
> someone whom I do not have personal proof of illegal activity, and after
> all he is innocent until proven guilty, I can understand why someone may
> want to analyze and or scrutinize his past work.
>
> Just my 2cents worth.
>
> -----Original Message-----
> From: Kurt Seifried [mailto:listuser@...fried.org]
> Sent: Monday, August 25, 2003 6:29 PM
> To: badpack3t@...urity-protocols.com; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] CERT Employee Gets Owned
>
> Please read the list charter and stop posting junk like this. Do we know
> post stories about any criminal charges brought against anyone in the
> security industry? Should we also cover parking tickets?
>
> Kurt Seifried, kurt@...fried.org
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists