Big Galoot Diatribe - White Hats, Security Conferences and Boy Scout Meetings…….
October 11th, 2007 Drazen Drazic Posted in Bad Stuff, Big Galoot Diatribe, Disclosure Laws, Dumb Security, Industry Specialists Talk, Risk Management, Vulnerability Management, Web Application Security, cyber crime, governance
The rantings of Craig Chapman, Computer Forensics Geek.
As funny as it sounds, a while back I asked the serious question on Beast or Buddha:
How many white hats are actually black hats in disguise ?
http://beastorbuddha.com/2007/08/07/ethical-hackingthat-term-is-a-worry/#comments
Since then, it’s been reported that the so-called ‘white hat’ security professional Max Butler has been arrested & charged with hacking offences including running a carder portal. Ironically, Butler also worked for a reputable organisation whose name suggested they are good guys. (I believe Christian Heinrich also spotted this report). They probably are.
http://www.securityfocus.com/news/11487
We shouldn’t be surprised in any way. After all, it’s not unheard of for criminals to enter a certain profession in society with the motivation (and relatively easy access) of undertaking their chosen nefarious activities.
It makes a lot of sense, in a criminal way.
For instance:
- Paedophiles who become scout leaders, teachers or church leaders.
- Fraudsters & corrupt persons who become politicians or public officials.
- Arsonists who become fire fighters.
All of which leads me to ask the following:
1. Would a country planning a war also invite their enemies along to their pre-war planning meeting ?
2. Are tactics for defeating hackers, latest research etc openly discussed at IT Security conferences ?
3. Is there a strong likelihood that amongst the hundreds of IT security professionals attending a conference, some may be highly experienced black hat hackers ?
4. Is the IT security industry deluding itself about the preventative value of such conferences ?
5. Rather than helping to put the flames out, are large conferences a mechanism fuelling the fire ?
I think we know the answers to most of these questions, so do we kid ourselves that the industry is not rife with people who can easily sway into the dark side or are already firmly entrenched there?
Food for thought.

October 14th, 2007 at 7:10 am
Related?
http://www.shanghaidaily.com/sp/article/2007/200709/20070925/article_332460.htm
October 15th, 2007 at 3:46 pm
You don’t have to worry about me… Until I turn up to the office with a new Range Rover
October 17th, 2007 at 5:05 pm
From Draz’s link above:
“Company general manager Dong Zhenguo told the newspaper that the company fell prey to the worm and he personally hates what Li has done.”
however
“the company can offer a good platform to show his talents,”
A bit of digging indicates that the potential employer is an IT services firm. Hmm.. worrying !
October 21st, 2007 at 8:12 pm
@Craig Chapman,
To quote from the Post “”Ethical Hacking”…that term is a worry…”
Your comment dated August 16th, 2007:
“How many white hats are actually black hats in disguise ?”
My comment dated August 12th, 2007:
“Furthermore, the reference to ethics is based on the argument, while deliberately withholding the counter-argument, of “White Hats” versus “Black Hats”.”
In conclusion, your comment is *after* my comment.
Therefore, why have you neglected to at least attribute the source?
October 21st, 2007 at 8:20 pm
@Craig Chapman,
To quote from the Post “”Ethical Hacking”… that term is a worry…”:
My comment dated August 29th, 2007:
“@Big Galoot
Two examples that come to mind are:
1. Max Butler aka Max Vision of whitehats.com”
My comment dated September 13th, 2007:
“@Big Galoot,
The media is reporting that Max Butler has been arrested again today.”
In conclusion, your Post is *after* my comments.
Therefore, why have you neglected to at least attribute the source?
October 22nd, 2007 at 11:59 am
@Christian
Are you serious? If you have the same opinion or thoughts on a particular issue as another person, there is absolutely no need to reference that person. A search on the internet will reveal many articles on the topic. Does this mean that you should have referenced all these people because they posted their “opinion” before you did?
October 22nd, 2007 at 12:13 pm
Also:
“The media is reporting that Max Butler has been arrested again today.”
Hmm…have you neglected to attribute the media source?
October 22nd, 2007 at 5:23 pm
@Alliya
Craig didn’t have the same opinion or thought until *after* reading my comment. This is proven by his comment dated after my initial comment and then again when I posted an additional comment as a response which I clearly reference Craig by including “@Big Galoot”.
You have confused the “Birthday Paradox” with “white anting”.
The media were cited as a collective entity as there were multiple articles published during that time.
October 24th, 2007 at 1:30 pm
Did I say before that I don’t edit the content of the “Industry Specialists” posts here? Well gees, I reckon I have played a small unintentional role in this.
Original below (what I took as a remark and deleted was meant to be part of the article):
“Since then, its been reported that the so-called ‘white hat’ security
professional Max Butler, has been arrested & charged with hacking offences
including running a carder portal. Ironically, Butler also ran the
security site Whitehat.com (I believe Christian Heinrich also spotted
this report.)
http://www.securityfocus.com/news/11487”
So is Big Galoot in the clear?
November 1st, 2007 at 4:03 pm
Yes - I would support the “Birthday Paradox” claim and retract my comment[s] based on your reason at the time provided his original text is inserted back into the Post?
November 1st, 2007 at 4:18 pm
For the sake of ending this thread, it is now amended to Craig’s initial comments.