Message-ID: <20040922034325.GV14301@c3.seiden.com>
From: mis at seiden.com (mis@...den.com)
Subject: Scandal: IT Security firm hires the author of Sasser worm

as someone who often works as an expert in trials involving computer
fraud and abuse, i've developed opinions in this area, and at the risk
of stating the obvious and making this discussion even more tedious,
i'll voice some of them now, with your indulgence.

i have seen people convicted who steadfastly maintained they were not
guilty, had no criminal intent, didn't realize the consequences of
what they were doing, or mostly just happened to choose the wrong
roommate.

nonetheless, the government wanted to make an example of *someone*,
and these people made good examples: easy to catch and (they hoped)
easy to convict -- particularly in an atmosphere where more is being
criminalized every year.

despite defendants' claims, some eventually pled to one count just
to be done with a process that can easily take over one's life,
freedom and their ability to work or live for *years*.

i've met many of these people.

i'd say some of them are good people, or reckless kids, or obsessive
hackers with no social skills, or sad sack losers.  some are
mischievous.  some are political and some are vandals.  some are
fundamentally honest people, some are delusional, and some are lying
con artists.  some are tasteless, vindictive assholes with no ethical
framework other than thinking special rules should apply to them.

really, there's no way to generalize, without a lot of specific knowledge
of each case and individual involved.  and don't believe either the hollywood
or the self-promoting versions of their stories.

there's a lot of individual variation among people!

so it makes no sense to compare the kid who started this thread with
frank abagnale with kevin poulsen with randall schwartz with rtm
with kevin mitnick.  they are different people and merit different treatment.

concerning whether convicted criminals are skillful:

well, sure, just like noncriminals.  (the ones who don't have extraordinary
skills are unlikely to be very interesting to employers, but the ones with
extraordinary skills are likely to have longer sentences due to the upward
departure in the sentencing guidelines for gaining and abusing special skills.)

the management challenge for an employer is that they surely merit closer
supervision than their peers, and you can't hide from your customers
that they have a past -- and that you trust them doesn't mean your clients
have to, so there's a business problem.

concerning whether convicted criminals are now somehow trustworthy:

to me, intent to do harm is a key element in predicting that outcome.

i've personally seen only a small number of convicted criminals who
had malicious intent grow up and turn into tasteful and trustworthy
people.  (some had criminal but not malicious intent...  e.g. "ripping
off the phone company" or intentionally copying software are examples
of the former.)

but, for example, you'd find it difficult to persuade me that someone
who for years demonstrated repeatedly that he was mean, vindictive,
and tasteless, many of whose former friends are scared of him, in
essence, not a mensch, is now suddenly trustworthy because he's "paid
his debt to society". no matter how much he acts like mr charming,
it's just the same con job.

On Tue, Sep 21, 2004 at 02:36:57PM -0400, Jonathan Rickman wrote:
> 
> > Saying that no teenager can be reformed is like saying you 
> > can't change your mind about what to eat for dinner.  I have 
> > over 13 convictions and have been in prison as well as spent 
> > more than my fair share of time in county jails.
> > However, that has been 10 years now and I am integrated into 
> > society making my way in life.  All of this happened before I 
> > turned 21 years old.
> 
> That's just great. Though I may buy into the idea that you are "reformed"
> now that you are 10 years removed from your criminal activity. This kid
> isn't even 6 months removed from his criminal activity yet. So no, I will
> not give him the benefit of the doubt and neither should Securepoint or
> anyone else...except maybe his mother.
> 
> --
> Jonathan

