[ISN] Shades of gray at security conference

From: InfoSec News (isnat_private)
Date: Sat May 04 2002 - 04:21:37 PDT

  • Next message: InfoSec News: "[ISN] Security poses primary wireless challenge"

    Forwarded from: bob <bobat_private>
    Shades of gray at security conference
    By Robert Lemos
    Staff Writer, CNET News.com
    May 2, 2002
    VANCOUVER, British Columbia--Near a table laden with coffee, tea and
    croissants, David Dittrich, senior security engineer for the
    University of Washington, discusses the newest tools of the trade with
    a hacker-cum-security-consultant known as "K2."
    They're a study in opposites: K2, stocky and jovial, has created,
    among other things, a "rootkit"--a tool for locking down unauthorized
    control of a server after an initial hack. Dittrich, tall and mainly
    serious, found K2's rootkit on several systems at UW, put there by a
    hacker who grabbed K2's tool off the Net.
    Was he angry? "I mainly thought it was funny," Dittrich said.
    In fact, the two--who some might think should be on opposite sides of
    the computer-security fight--actually work together. They're both
    involved in a project aimed at creating networks that act as an
    electronic bell jar, putting network attackers and their techniques
    under observation.
    The relationship between Dittrich, who is widely considered a "white
    hat" security expert--one of the good guys--and K2, who some consider
    a "black hat," is typical of many who have met here at the CanSecWest
    security conference.
    Despite the Sept. 11 terrorist attacks and the renewed suspicion that
    many security experts feel is directed at their profession, the
    hackers and security gurus that attend CanSecWest haven't quietly gone
    While attendees mostly consist of independent security experts--in
    other words, hackers gone legit--a large portion of industry experts
    and a handful of law enforcement and government agents are also
    Among the topics on the agenda: vulnerabilities in Microsoft's .Net
    software-as-a-service plan; university networks as a playground for
    online vandals; and the legal ramifications of monitoring hacker
    Though the opposite sides mix, they don't always mingle, said K2. "A
    lot of the government people don't talk about what they are doing, so
    in some cases, it's one-sided," he said. "It needs to be a two-way
    "Simple Nomad," an old-school hacker who works for security company
    BindView, had an animated discussion with a small bevy of government
    workers and law enforcement officers about government security.
    Collegial? Perhaps. Yet, later in the day, Simple Nomad gave a
    presentation on the various ways terrorists--and the average
    Joe--could secretly communicate information to each other and managed
    to jokingly thumb his nose at the government in the process.
    But while the new concerns brought on by the World Trade Center attack
    haven't driven the crowd here underground, they have changed things.
    In the shadow of the attacks, security consultants and tool hackers
    have, in many ways, dialed down their activities a notch, said Dragos
    Ruiu, an independent security consultant and the organizer for the
    CanSecWest conference.
    "You might as well be an assassin," Ruiu said. "The penalties are
    smaller to kill someone nowadays than hacking into a computer."
    The problem, Ruiu says, is that the tools created by hackers have two
    uses: They can be used to compromise systems, but they can also be
    used to secure them. Most people don't understand that and would
    rather clump any who use the tools together in the same "bad guy"
    "People distrust things they don't understand," Ruiu said. "The black
    magic factor is high."
    Ruiu said he expected that most people at the conference would fall
    into the white hat--or security-conscious hacker--category, but there
    was no way to be sure.
    "You never know who the threats are," Ruiu said. "You really can't
    tell who the people are that do the bad stuff."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Sat May 04 2002 - 07:20:58 PDT