http://www.securityfocus.com/news/79 - AtStake jilts Phiber Optik - The
corporation formerly known as the L0pht courts Mark Abene, but balks at his
hacker past.
Although, if you check out www.crossbar.com, there is no mention of his
checkered past on the website.
But defeating background checks can be very easily done even by those who
are not the saavy with computers. Identify thieves can go to a couple of
sites www.rootsweb.com and www.merlindata.com with very little effort and
muck with their background or steal someone's identify just to satisfy a
fairly extensive background check. Even more so, if one used be neighbors
with the former president and received a Presidential pardon.. (That is a
whole other point entirely)
Going by Hacker handles can also be an issue, since corporations are a
little skittish about dealing with companies who have lots of employees
with hacker de plumes, issues with people might be have been labeled as a
person who doesn't play well with others in the sandbox (i.e troublemaker,
but has good solid technical skills), or have people on board who post
interesting discussion topics that discuss the 9th layer of the OSI model..
(Political)..
(back to my comment)
Hiring people who not only know how to find exploits, but offer reasonably
detailed technical information on how fix it, and the reasons why, are the
type of people an organization may want to speak with before looking at
people who have a somewhat checkered past, or go by handles like "MIG
Welder", "Brown", "Smear", or "[EMAIL PROTECTED]".
They may be often better employees but with over inflated egos, over
inflated worth and may or may understand how to improve the security of the
organization versus just finding one or two buffer overflows in SCO Unix
or being part of the development team for releasing one of the first
commercial UNIX operating systems.
At 07:44 PM 3/10/01 -0800, Steven Pierce wrote:
I agree 100%. Who said that the information crime is something
that is dangerous? I have read more then one story that business
are hiring ex hackers for their business to help with security issues.
Who better to know if there is a security hole, but for someone to
that has been in to play (Defeat) with them...
If they can pass a background, and the like I have no problem with it.
Now they might have a little shorter leash then someone that has not
been convicted. That would also only be until they proved themselves.
I could bet they would be a better employee then someone that has not
been into the system.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
