Now, now, let's not get your gray hat in an uproar. Gray Hats definitely
have a place in the Information security field, but most of them are busy
getting on their soap box talking about how most applications are
vulnerable, etc, etc. Some of the members of L0pht have worked for
organizations who provide managed internet security services to
organizations who did not have the technical skills or knowledgeable staff
on hand.
IMHO I would much rather have someone from the L0pht performing a
security audit than a Big Six house.
/cheers
/m
jeff andrews <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/17/00 12:17 AM
Please respond to jandrews
To: [EMAIL PROTECTED]
cc:
Subject: Glorifying gray hats
With much of the news surrounding L0pht with hacker Mudge, aka Peter
Zastko, including the White House security summit, it seems to praise
their gray hat model.
"L0pht members describe themselves as "gray hats," on the edge between
good and evil hackers. Besides selling security software, they broke into
corporate systems and alerted the firms to weaknesses."
http://www.usatoday.com/life/cyber/tech/cth071.htm
"More damning is that L0pht has also gone on record as saying that
"governments and multinational corporations are detrimental to the
personal liberties on the Internet." On the other hand, L0pht's new
company, called @Stake, is a specialized professional services company
that will provide a full range of security solutions for the e-commerce
operations of global clients."
http://www.zdnet.com/enterprise/stories/security/news/0,7922,2420340,00.html
"Back Orifice is a windows trojan developed by the cDc ...The correlation?
The Deth Vegetable, as well as several other Cult Of The Dead Cow Members
(including Mudge and DilDog) are also members of L0pht Heavy Industries
(according to membership lists posted on both cultdeadcow.com and
l0pht.com)."
http://www.antionline.com/cgi-bin/News?type=antionline&date=05-03-1999&story=l0pht.news
1. Is there an ethical issue with L0pht members developing Back
Orifice 2000, the infamous backdoor, and then profiting from a solution that
protects against it?
2. With L0pht's known views on government and corporations, does it
make sense for them to act as main counsel for the White House?
3. Is there an issue with gray hat hackers that break into systems
that are then employed as the protectors of those systems?
4. Are gray hats preferred for securing a firewall over a good
security consultant?
5. Does elevating these gray hat hackers as role models encourage
young kids to break the law in an effort to become like L0pht?
6. Should the press and media be glorifying the gray hat model?
With L0pht developing exploit tools and raising $10 million from venture
capitalists for their new start-up company, should Mixter, the developer of
distributed denial of service (DDoS) exploit tools, go raise money as
well? If they can get Coolio, Mafiaboy, and Mixter together, they might
want to borrow L0pht's business plan.
Thanks,
-- JA
Jeff Andrews,
Senior Security Engineer
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]