http://www.businessweek.com/technology/content/oct2005/tc20051025_346219.htm By Arik Hesseldahl Young Entrepreneurs of Tech OCTOBER 25, 2005 For many technically talented teens, computer hacking brings about a first brush with law enforcement. For Ejovi Nuwere, it was a ticket out of the poverty-ridden, sometimes violent streets of New York's Bedford-Stuyvesant neighborhood. What started as a hobby at the age of 15 led in time to a computer security job with Lehman Brothers, and later with @Stake, the fabled security consulting firm that grew out of L0pht Heavy Industries, the Boston-based hackers collective, now a unit of Symantec (SYMC ). BOOK DEAL. The story of how he got from the streets of Bed-Stuy to working the edge of the computer-security world formed the basis of an autobiography he published in 2001 entitled Hacker Cracker with HarperCollins. The book, like so many other things in his life, happened unexpectedly. "I was working for a startup company, and they couldn't afford to pay me any cash," he says. "It was run by a husband and wife team, and one was a former book editor, and the other was a food writer, and so they had contacts in the publishing business. They made one phone call, and two weeks later I had a book deal." Now the hacker who escaped from the streets has started his own outfit. As many companies ditch their old circuit-switched phone systems in favor of less expensive Internet-based telephony, Nuwere's SecurityLabs Technologies is dedicated to helping them make sure those calls are secure. POORLY WRITTEN. Nuwere started the firm as a one-man shop with $10,000 in cash and took on some credit-card debt. First came consulting work, with five companies. "I spun the money from consulting into product development," he says. Now the company has grown to three people, with three companies interested in its software. The problems related to VoIP (voice over Internet protocol) aren't as simple as they at first appear, Nuwere says. Sure, there are concerns about spam and call interception, but the VoIP programs themselves can also be hacked. Those applications, he says, sometimes have the same holes that have plagued other programs in the past. In one case, he showed how poorly written software code in a VoIP application can allow a hacker to take over a desktop PC -- a bug previously found in programs like instant messaging. MAD RUSH. "There are a lot of fundamental security flaws in the way many of these applications are written," he says. "There's a mad rush among companies to deploy VoIP and make it work, and I can't fault them for that. But no one is looking at the software for security. Well, hackers are. I think in the next six months to a year we'll see a lot more vulnerabilities being publicized." Initially his product will be software installed on a network appliance that companies will install on their internal networks. But eventually, Nuwere plans to convert to an application service provider model -- in which customers rent software that runs on the vendor's servers -- somewhat like what Salesforce.com (CRM ) does. "We'll market it like an ASP, and that will eliminate the need for hiring additional personnel to monitor security of VoIP calls," he says. "We'll deliver updates for the latest security threats in real time and make the job of the chief security officer easy." Spoken like a true entrepreneur. _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Tue Oct 25 2005 - 23:45:08 PDT