The contentious sparring between Hewlett-Packard Co. chief security strategist Ira Winkler and convicted hacker Kevin Mitnick came to a head Tuesday afternoon at RSA Conference 2003.
Under the guise of a general-session debate on whether enterprises should hire former criminal hackers to do network penetration testing, the session quickly dissolved into 65 minutes of Mitnick defending his transgressions and Winkler aggressively pressing the former hacker on his skills and those of his nefarious former colleagues.
Nevertheless, a packed session hall took in the verbal jabs with glee and boos throughout the event, with Winkler getting the bulk of the cheers, but absorbing a few jeers, as some applauded a few of Mitnick's points.
Trying to bring some sort of balance to the panel were Jennifer Granick, a hacker-sympathetic attorney who represented Mitnick, and Christopher Painter, who was her counterpart during the trial. Granick teaches at Stanford Law School and is director of the school's Center for Internet and Society. Painter is deputy chief of the Department of Justice's Computer Crime and Intellectual Property Section.
Granick stood by her client, trying to buffer many of the blows coming from Winkler, who opposes the notion that it's a wise idea to bring former criminals into the enterprise to probe and poke at networks to determine vulnerabilities and soft spots. Painter, meanwhile, hammered home the notion that enterprises must examine the risks involved before bringing criminals inside their firewalls.
Perhaps the true balance on the day were the attendees, some of whom fell in the middle of the debate.