Re: [ISN] Indian hacker turns cyber cop

From: InfoSec News (isnat_private)
Date: Tue Apr 23 2002 - 00:12:07 PDT

  • Next message: InfoSec News: "[ISN] Names, credit card numbers found via city's Web site"

    Forwarded from: Richard Forno <rfornoat_private>
    Cc: akindofmagickat_private
    So what if this kid wrote a book that was picked up by a major
    publishing house? Booksmarts and academic knowledge are NO substitute
    for wisdom gained through experience and time.
    As Ferrel said earlier, this kid's precocious and has a few things
    going for him. If he was common-sense smart (not just book smart) he'd
    finish formal schooling and get a job somewhere with his 'hobby' of
    security research on the side. If he plays his cards right, he'll have
    a very enjoyable career once he isn't perceived as 'just another kid'
    that got a lucky break or two.
    That being said - and I've not checked his book out or anything - I
    wish him well.....I've encountered many teenagers that I'd trust in
    positions of responsibility, but only after they've 'done their time'
    in school and have a real-world appreciation of the workplace and
    corporate environments.
    The foreign national / IT security issue is a years-old one going back
    to the hysteria before we allow someone that's untrusted,
    uncleared, and from a foreign land have access to our electronic crown
    From a security perspective, If any entity of the USG is so desparate
    that it hires a security consultant that's still learning the ways of
    the world, and does so from a foreign country - especially in today's
    alleged 'heightened security' environment, that does not speak well
    for the judgement of that USG entity, and probably goes against some
    provision of one of the new anti-terror or security laws/regulations
    that's out there, and the risks/costs outweigh the benefits.
    True, a consultant may be cheaper, but if you continue sacrificing
    security for convienience (or cost) we're never going to get out of
    this security quagmire we're in.
    I'm not against teenagers doing consulting, I just find this
    particular situation a little strange as far as the USG is concerned,
    assuming they actually hired this kid.
    > From: InfoSec News <isnat_private>
    > Reply-To: InfoSec News <isnat_private>
    > Date: Mon, 22 Apr 2002 04:03:15 -0500 (CDT)
    > To: isnat_private
    > Subject: RE: [ISN] Indian hacker turns cyber cop
    > From: Sheri Moreau <akindofmagickat_private>
    > [Is the U.S. Govt that hard up for consultants that its hiring
    > 16 year old former defacers to work as intelligence consultants
    > in information security?  - WK]
    > William,
    > Not to pick any bones, but.. it's a lot cheaper to hire a consultant
    > in India to work in India than it is to hire an American and get him
    > to go live in India... it amazed me when I worked in Silicon Valley
    > just how many companies are jobbing out work over there cuz it's so
    > cheap (and soooo insecure!!). Without knowing any more than what the
    > article said, this kid seems to have done one defacement two years ago
    > (forgiveable for a 14 year old), admitted it concurrently with the
    > defacement and suggested the defaced site improve their security, and
    > then written a book that MACMILLAN for heaven's sake, saw fit to
    > publish a year later.
    > The un-named "US Government agency" he works for could be any civilian
    > agency with a contract to the US government, ya know... the moniker is
    > often a matter of semantics when it comes to the media. Could be
    > Lockheed or Intel or anyone...
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Apr 23 2002 - 02:43:23 PDT