[ISN] Carolyn Meinel --- Debunking the myth.

From: mea culpa (jerichoat_private)
Date: Sat Nov 07 1998 - 09:00:09 PST

  • Next message: mea culpa: "[ISN] Ghosts In the Machines?"

    From: Ralph Logan <rloganat_private>
    Approximately a year and a half ago, I attended Defcon V.  Information
    Security professionals attend Defcon regularly to see old friends, form
    new relationships, and generally relax in an environment where we can
    speak about familiar topics without having to stop and explain years of
    computer knowledge to the general public, managers, clients or our bosses. 
     According to the Official Defcon V page there was a panel discussion
     moderated by:
     Carolyn P. Meinel - Moderator of the Happy Hacker Digest and mailing
                         lists.  She will preside over a seperate[sic] Happy
    		     Hacker discussion pannel[sic] that 
                         will cover the topics of wether[sic] or not "newbies"
                         should hav[sic] information handed to them, or should
                         they learn for themselves?  
    Having established relationships previously with other Information
    Security Professionals, I was surprised her name had never been mentioned,
    so I decided to sit in on the panel.  Understanding that this was an
    informal convention, I was not expecting strict guidelines or 'stuffy'
    behavior from any of the panel members, but the complete ignorance and
    irrelevance of Ms. Meinel's statements, retorts and reactions to open
    questions amazed me.  I left the panel discussion early. 
    Over the last year, I have kept a watchful eye on this person, Ms. 
    Meinel.  I researched her history, read her list, watched other mailing
    lists, and attempted to understand how and when she became a 'Security
    Professional'.  Knowing the experience and educational backgrounds of
    other Information Security Professionals, I could not grasp how the
    moderation of a mailing list qualified her as a 'Security Professional.'
    I received a document sent to Mike Bellus of the FBI outlining Ms. 
    Meinel's services as a consultant.  In the description of the "3-day
    Beginner Hacking Course" she was proposing to the Federal Bureau of
    Investigation, Ms. Meinel roughly portrays one of her services as
    "...designed to go far enough in these three days to teach serious
    proficiency at catching email criminals such as mail bombers." 
    Such are the 'skills' that Ms. Meinel encourages in her followers on the
    "Happy Hacker" mailing list and journal, although the 'skills' Ms. Meinel
    teaches on her list are just sufficient to get a new computer enthusiast
    in enough hot water to send them to prison.  She of course throws in an
    occasional 'Don't do this or you will go to jail' comment, but let's
    compare that to setting the cookie jar in front of the hungry child, shall
    Questions began to form in my mind: 'Is Ms. Meinel attempting to generate
    business for herself?', 'Is her skillset really this limited, or is she
    teaching new computer enthusiasts just enough to set off the warning
    signals with potential clients?'
    I watched at a distance as Ms. Meinel continuously poked and prodded her
    way around the underground scene with inflammatory accusations, ridiculous
    claims, and pious retorts to intelligent queries.  Taunting the
    underground personalities with challenges, then turning to Federal
    Officials and accusing innocent people of terrorizing her, Ms. Meinel has
    unjustly accused many people of criminal activities, with not the
    slightest bit of evidence. 
    It was obvious to me that Ms. Meinel had an agenda other than simply
    helping the uninformed in her 'Happy Hacker' mailing list.  Sure enough,
    in early 1998 her book 'The Happy Hacker' was published. 
    Interest waned after the book was released, as myself and other security
    professional associates realized that she was a harmless charlatan. 
    At Defcon VI Ms. Meinel was amazingly quiet. 
    A few months later, my current military client and I attended NISSC
    (National Information Systems Security Conference). 
    One session of the conference concerned 'The Future of Information
    Security'.  Included in this session's audience were professionals from
    the Department of Justice, National Security Agency, Federal Bureau of
    Investigation, Secret Service, security professionals from the 'Big Five'
    accounting firms, Microsoft, and INFOSEC Professionals in the private
    industry.  The panel discussion soon moved to 'How are we as INFOSEC
    professionals going to police the integrity of our profession?' When
    someone mentioned the content of Ms. Meinel's recent 'Scientific American'
    article, the entire audience burst into laughter.  It was a satisfying
    moment for those of us following Ms. Meinel's less than illustrious
    career: to finally see that our fellow PROFESSIONALS see her for what she
    is, and not what she purports to be.  I returned home from that conference
    with a sense of satisfaction, knowing that other INFOSEC professionals see
    through the charade that Ms. Meinel is creating. 
    The most disturbing part of this last year and a half of watching Ms. 
    Meinel, is her uncanny ability to pull the wool over the eyes of the press
    and the limited amount of the public that listen to her.  I am afraid we
    are going to see more people in our industry playing these games with
    potential clients and the public, and we must constantly guard the
    integrity of INFOSEC, for integrity is a mainstay of any INFOSEC
    It was with shame that I read your article after my boss pointed it out to
    me, asking if I was familiar with Ms. Meinel. 
    This letter is not for publication, only to ask you to please research
    your publicized writers before publication in the future. 
    This is not a letter to taunt Ms. Meinel, for I have no desire to respond
    to her, correspond with her, or even give her an attempt to justify her
    ever downward spiralling 'career' as a 'Security Expert'. 
    Ralph Logan
    Senior Information Management Specialist
    Affiliated Computer Services, Inc.
    The opinions stated in this correspondance are in no way representative of
    my employers.  
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:10:34 PDT