Page 5 of 7 FirstFirst ... 34567 LastLast
Results 41 to 50 of 61

Thread: Hiring Hackers As Security Consultants

  1. #41
    Yeah... I would.

  2. #42
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    =o

    WELCOME!

    Heh, you'd wake up with your eye brows shaved, a tattoo of three holes like a bowling ball on your newly shaved ass and probably some broken bones. Not that anyone could tell what happened.

  3. #43
    1. Probably a good idea to keep the help desk on your side - implying that they are know nothings might result in permanent account lock out and no callback ever - and it's not true. Knowing what goes under the bonnet in a computer system is just one kind of knowledge. Help Deskites can get off with girls, most hackers (archetypically) can't - the exception is virus writers who apart from that one major fault are typically anal - I mean mortgage, stepford family, drives a volvo, the works ...

    2. Any fool can learn to hack a system. And I don't even mean using script kiddie tools. There is plenty of information on the net on how to script exploits for yourself. All it takes is time and effort in the research and learning.

    3. Most people are just not interested in putting in the time and effort - they have a real life.

    4. Those who are - ie. hackers, virus writers and security consultants - are capable of developing their skillsets equally but from different povs and with different application vectors.

    5. Knowing how to break a system does not equate to knowing how to secure a system from breakage. The latter requires a wider and more complete skillset including people handling skills.

    6. Being a blackhat hacker is not something to boast about. Criminals do not noticably go down to the local bar and announce their allegiance to the criminal fraternity. There is kudos in having the skill to 'hack' a system and reveal its vulnerabilities - to use that knowledge to exploit them is immoral, unethical, illegal etc.

    7. Does a reformed (assuming is genuine) blackhat have the skills to secure a system. Answer: No - he only has a basis for developing those skills - in the same way that a network implementation expert or a good applications programmer has the basis for developing those skills.

    8. If you have a system with sensitive (e.g. commercial data) on board, who would you trust first - a former blackhat or one of the latter more respectable breed -assuming post security training?
    No one can foresee the consequences of being clever.

  4. #44
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Oh where is the fun in that. I've had 2 hours of sleep, and I'm getting ready for work....

  5. #45
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by Kidd_Zero
    Unethical, but practical, as who better to evaluate your system than one who would potentally steal from it and thus know what to look for but you must pay them well so they wont selll your secrets or steal themselves.
    You've just defeated your own argument. How well do you have to pay someone to not rip you off, after you've had them show you how easily you can be caught with your pants down?

    BBZZZZZZZZZZZZ! Wrong answer, but thank you for playing.

    ---

    If any of you've had enough time/background in this field, you've heard rumors (if not been directly involved) of the major hacks that have occurred. You won't read about these in the newspaper. These are the deals where, a company get's taken for HUGE amounts. When they catch up with the perpetrator, they buy him off, rather than charge him, in exchange for detailed information on how it was done, plus signature on an NDA.

    Now this is post-intrusion, so it's slighty different. But to these companies, it was more cost effective to let the thief get away with the money then to have their reputation impacted by public disclosure of how much they suck at securing their resources.

    Now days in the US, thanks for Sarbanes-Oxley, GLB, and a few other congressional acts, this is much harder for companies to do.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  6. #46
    Senior Member
    Join Date
    Feb 2004
    Posts
    270
    Originally posted here by tenzenryu
    1. Probably a good idea to keep the help desk on your side - implying that they are know nothings might result in permanent account lock out and no callback ever - and it's not true. Knowing what goes under the bonnet in a computer system is just one kind of knowledge. Help Deskites can get off with girls, most hackers (archetypically) can't - the exception is virus writers who apart from that one major fault are typically anal - I mean mortgage, stepford family, drives a volvo, the works ...
    Hhhm. What is about help desk people that make you think they are not hackers, wheter black white or greyhat ?

    Granted some helpdesk people are complete idiots others are pretty smart and could verywell be on hell of a badass blackhat hacker in their private time.

    Yust like normal criminals. They have can have normal jobs too. But in the mean time they could be commiting henieus crimes right under people's noses. /me points to microsoft and shell and other big companies as wel as pedophiles working in the schooling system and churches.

    And guess what. Most of them have wives and a familie.

    Originally posted here by tenzenryu

    2. Any fool can learn to hack a system. And I don't even mean using script kiddie tools. There is plenty of information on the net on how to script exploits for yourself.
    You mean hacking into a network and doing malicuos stuff is very simple and not that much of a task at all ? Something any fool can do. Not an acomplishment at all.

    Originally posted here by tenzenryu
    All it takes is time and effort in the research and learning.
    But suddenly it is a task. Something you must put time and effort in something you must research and learn. But if you put time and effort into something and then finally eachiving said goal is a decent accomplishment i think.

    (not defending blackhats here)

    Originally posted here by tenzenryu

    3. Most people are just not interested in putting in the time and effort - they have a real life.
    I consider my life very real. Yet I am using a lot of free time reading and posting to forums like this learning new stuff about networking and protecting them but this skillset could very easely and with some work be turned around and used for hacking something.

    Hell my school and education seem to not do anything then learn me this stuff that has nothing to do with real life according to you. And then I go and spend my free time on it aswell. My school my employer and myself must have lost all contact with reality.

    Also those credit card details beying stolen must also have nothing to do with people's real lifes.

    Originally posted here by tenzenryu

    4. Those who are - ie. hackers, virus writers and security consultants - are capable of developing their skillsets equally but from different povs and with different application vectors.
    Appilication vectors ? Wait let me google that. No definition found. A god damn. Got to guess then. Ill guess it is something like applying it in different way's.

    In that case I can only agree with you on this point.

    Originally posted here by tenzenryu

    5. Knowing how to break a system does not equate to knowing how to secure a system from breakage. The latter requires a wider and more complete skillset including people handling skills.
    What makes you think that hackers have no people handeling skills ? Im not talking about the script kiddie called morpheus8874 on AOL. I am talking about the type of people that hack a site and get away with a few million credit cards numbers.

    Im talking about the guys who can social engineer people into getting a cleric to give him or her his password and working from there.

    Wait did i say Social engineer ? Is that not the stuff where you get people to do stuff for you or tell you stuff they should not ? Seems like someone who employ's social engineering needs to posses extraordenary social skills.

    Combine that with the fact that any fool can learn how to hack all it takes is time and effort in the research and learning. I think this can also be applied to securing networks. And your fool has already shown he can put the time and effort in by braking into networks and being considered as a consultant.

    Originally posted here by tenzenryu

    6. Being a blackhat hacker is not something to boast about. Criminals do not noticably go down to the local bar and announce their allegiance to the criminal fraternity. There is kudos in having the skill to 'hack' a system and reveal its vulnerabilities - to use that knowledge to exploit them is immoral, unethical, illegal etc.
    Yep, very true. But suddenly some guy gets on to you and the information gets out anyway. You go to jail serve your time. What are you going to do when a boss asks you about you criminal background? Lie?

    See he knows or can find out about it anyway. And if you start lying he will never trust you and so you will not get a job. That does not mean you have to brag about what kind of a l337 h4xx0r you were/are but denieing it is foolish.

    Originally posted here by tenzenryu

    7. Does a reformed (assuming is genuine) blackhat have the skills to secure a system. Answer: No - he only has a basis for developing those skills - in the same way that a network implementation expert or a good applications programmer has the basis for developing those skills.
    But hey he is reformed. He is bringing around his life. He want's to work the other side of the fence and is willing to put effort into it. and "All it takes is time and effort in the research and learning." If any fool can do it a real blackhat hacker that has no real problems understanding computers and networking it cannot be to hard. (The good applications programmer can probebly learn this yust a good as the reformed blackhat, although the fact that he is focussing on programming may suggest that he is not as interested in that so he will likely have a bigger learning curve)

    Originally posted here by tenzenryu

    8. If you have a system with sensitive (e.g. commercial data) on board, who would you trust first - a former blackhat or one of the latter more respectable breed -assuming post security training?
    Assuming I will have a business that I want to beter secure the networkoff, through that channel. And a reformed blackhat comes knoking on my door. I will tell him that yes we can work something out. I will not trust him fully from the start it is a relation that needs working on.

    If the more respectable one comes around then from a starting point he will get more trust. But I will not trust him fully to begin with either.

    If both come along I will probebly accept both if i have the money. And if both come along but money forces me to choose one I will look at track record. If both have no track record or offer none but i know one of them is a reformed blackhat i will pick your consultant based on the fact that I can trust him more in that case.
    Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  7. #47
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Hi kidd_Zero,

    The problem with this...
    but you must pay them well so they wont selll your secrets or steal themselves.
    is...

    1. It's not always about money...sometimes it's about the thrill...about getting away with it...uncontrolled compulsion...etc...
    2. if you have to pay them well so they don't steal from you...then what's the point of hiring them, if the only way you can prevent them from stealing from you is to give up the cash...that's like saying to a burglar ' if you don't rob my house I'll just give you the cash...or...paying protection money to a racket ' here's the cash...now don't trash my store '.

    A guy walks in for an interview...' Hi, I'm a thief...but if you pay me very well I promise not to steal from you '...cough...Yeh, Right!...cough...

    if the guy is ' truly ' reformed, then you don't have to pay him extra...if he isn't reformed, then you're a fool to hire him, because no matter how much extra you pay him he's still going to steal from you anyways...and you'll end up a fool twice over.

    As the old saying goes...' Fool me once, shame on you; fool me twice, shame on me. '



    Eg

  8. #48
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Haha... so you would invite an individual such as myself over
    Personally.. No. For these purposes, sure.

    BBZZZZZZZZZZZZ! Wrong answer, but thank you for playing.
    GAH! That's getting annoying zencoder
    Space For Rent.. =]

  9. #49

    I would hire the hacker, but keep controls in place and closely observed

    Keep your friends close, but keep your enemies closer

  10. #50
    Junior Member
    Join Date
    Apr 2004
    Posts
    13
    For those of you who said you would never hire a hacker with a record, I was wondering if you would hire this guy. He said he wanted to be a programmer, but would you hire a person with a similiar record?
    Every man has his price. Mine is $3.95.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •