Mac hacks, BBC attacks and backing hackers
Posted on 18 Jun 2009 at 11:20
Davey Winder exposes the 100% secure mac myth, questions the BBC's botnet morality, and considers hiring hackers.
Hiring hackers
Another botnet story that caught my attention recently also involves ethics in the IT security business - the old chestnut about whether or not you should employ convicted hackers. Now let me get this straight: some of the best security consultants I know have had a somewhat "colourful past" - including perpetrating hacking exploits - and in my opinion, such experience qualifies rather than disqualifies them for this job. There are some people, however, who vehemently disagree with me and argue (with some merit) that good hacking skills and good IT security skills aren't in fact the same thing, insisting that breaking into a network and protecting a network require two completely different sets of technical qualifications. I was even at a security conference some years back when a highly placed director of security at one of the big IT companies suggested that a monkey could be trained to hack most networks in just a few hours. That, I think, misses the point.
IT security is more often than not a matter of mindset, and while it can be learned from a book and can be taught, a poacher-turned-gamekeeper will always have an edge over a book-taught one. They understand how the hacker's mind works, how hackers think, and that's something that's a lot harder to grasp from theory than from battlefield practice. I will agree that most ex-hackers nowadays tend not to be the most skilled members of their profession, by the very fact that they were caught, which suggests they weren't entirely in control of the game. Back in the day, 20 years or so ago - when hacking truly did require a high level of technical know-how - things were different, but today most ex-hackers are actually self-proclaimed and really nothing more than kiddie-script-monkeys who use ready-made solutions.
Most of the hackers I know who made the move from the dark side to the light did so with the passage of time and without ever being caught, which is why I was somewhat concerned when I read that a botnet builder, duly convicted of spreading malware to a quarter of a million computers and starting his four-year prison term, will have a job waiting for him as a security consultant for a big search company when he gets out. His boss didn't know that this botnet builder had already pleaded guilty to his crimes as part of the FBI's Operation Bot Roast in 2007 and was awaiting sentencing when he applied for the job, and admits that he wouldn't have hired him had he known this - but he also says that the perp is a talented developer who just pushed the envelope too far when young, and has gone on the record to say he hopes to offer him a job when he is released. Feel free to voice your opinion on this case in the PC Pro forums (www.pcpro.co.uk/forum/), as I'd be very interested to see which way you swing on this rather tricky moral issue.
I've never said that Macs were 100% secure...
...just that, given a reasonable amount of common sense, they were far less likely to deteriorate over time than Windows systems, and far more intuitively usable to the average new/inexperienced user (or expert) than either Windows or Linux. I say this with 25 years' experience developing for and supporting Windows in every environment imaginable.
I've blogged about this sort of thing a few times, talking about the debate between adequacy and excellence (http://tr.im/wmRR), "Happy Updating...." (http://tr.im/wmS7) and, particularly, "Differences that Make Differences Are Differences" (http://tr.im/wmSh). I'd be very interested in your thoughts.
By jdickey1 on 14 Aug 2009
Davey Winder
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.