ADVISORY/ AXENT Security Expert Available to Discuss Hiring Hackers; Modern Day Pirates or Robin Hoods?Business/Technology Editors ADVISORY...for Monday (August 14, 2000) --(BUSINESS WIRE) Just last week, a 20-year-old man was arrested for allegedly hacking See hack and hacker. into two computers owned by NASA's Jet Propulsion Laboratory “JPL” redirects here. For other uses, see JPL (disambiguation). Jet Propulsion Laboratory (JPL) is a NASA research center located in the cities of Pasadena and La Cañada Flintridge, near Los Angeles, California, USA. and using one to host Internet chat rooms devoted to hacking. What would happen if NASA NASA: see National Aeronautics and Space Administration. NASA in full National Aeronautics and Space Administration Independent U.S. turned around and hired this man to guard its systems? Is hiring hackers risky or rewarding? In one sense, large companies and the government are very uncomfortable with hiring hackers. They usually refer to hackers as "black hats," the criminal types, versus "white hats," the security researchers. Yet, some companies gain comfort in knowing that a vendor has security researchers and experts -- with real-world hacking experience--on staff looking into ways that systems might be vulnerable and then providing protection. In fact, the 2000 Computer Security Institute/FBI survey indicates that 60% of the respondents would not hire a hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. , while only 20% said they would (20% said they didn't know). According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. AXENT Technologies(R)' Vice President of Security Management, Rob Clyde, hiring security consultants from a reputable rep·u·ta·ble adj. Having a good reputation; honorable. rep  u·ta·bil firm to conduct penetration testing A test of a network's vulnerabilities by having an authorized individual actually attempt to break into the network. The tester may undertake several methods, workarounds and "hacks" to gain entry, often initially getting through to one seemingly harmless section, and from there, makes more sense than hiring hackers. An effective method is to conduct automated penetration testing with scanning and policy management tools on a daily or regular basis. Clyde notes that it is not necessary to break the law in order to be a recognized security expert. To read AXENT's official position on hiring "black hat" hackers, please visit http://www.axent.com/news/industrynews/. Hiring a "black hat" hacker may not always be cost-effective. For example, an unnamed government agency hired a hacker as a consultant to research vulnerabilities. The hacker quickly found a large number of vulnerabilities, but in order to maintain job security he only reported one or two vulnerabilities a week stringing the company along. Then on the side, he let other hacker friends know about all the vulnerabilities. Eventually, the agency found out, fired him and immediately set a policy never to hire a hacker again. From a value perspective, a black hat may be highly technically competent at breaking into systems. However, can the hacker be trusted with corporate secrets? Most experts would argue that a black hat cannot be trusted and may leave undetected entries into the system and/or learn enough to be able to attack once the assignment has ended. Moreover, a black hat who is an expert at breaking into systems, may not be an expert in designing security programs and plans. A white hat, however, develops a comprehensive plan to protect a company's information assets. With more than 25 years experience in information security, Rob Clyde is one of the leading authorities on hackers, cybercrime cybercrime also known as computer crime Any use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. and information systems security. He is the founder of AXENT's InfoSecurity SWAT Team, a group of computer security professionals focused on studying hacking and solving the latest computer security threats. Clyde works with Fortune 1000 companies and governments every day to reduce and prevent compromising security threats. If you are interested in speaking with Rob Clyde about the ethics of hiring hackers, please call Mike Schultz Michael Alan Schultz (born on 28th November 1979 in Van Nuys, California) is a minor league baseball pitcher for the Arizona Diamondbacks franchise. He attended Loyola Marymount University. On July 16, 2004, he struck out five batters in an inning. (see [1]. or Davida Dinerman at Schwartz Communications, (781) 684-0770 or axent@schwartz-pr.com. AXENT, AXENT Technologies, and the AXENT logo are trademarks or registered trademarks, in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. and certain other countries, of AXENT Technologies, Inc. or its subsidiaries. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion