back to article Legendary hacker and L0pht member Peiter Zatko joins Twitter as security chief

Twitter has hired legendary hacker Peiter "Mudge" Zatko as head of security. Under the newly created role, Mudge will take responsibility for everything from incident response to ensuring the "integrity" of the platform. Speaking to CNBC, he described his remit as including "information security, site integrity, physical …

  1. FlamingDeath Silver badge

    So what we can learn from this, is being a shitbag is rewarding

    1. Anonymous Coward
      Anonymous Coward

      Hacker not a cracker very big difference

      1. jake Silver badge

        Sure of that, AC?

        Not familiar with L0phtCrack, I take it? He was also a fan of the buffer overflow, like most of the skiddies of his era.

        Not so much an actual hacker as the subset known as a social engineer. That's why he's where he's at now.

        1. Michael Wojcik Silver badge

          Re: Sure of that, AC?

          I have to disagree. He has legitimate hacking credibility. Besides the early buffer-overflow research, there's his contribution to the MSCHAPv2 cryptanalysis, his security analysis of PalmOS, and so on. And l0phtcrack obviously demonstrates breadth beyond BOFs and social engineering, and it wasn't just a trivial brute-force or dictionary cracker - even early versions made use of the cryptanalysis of the LANMan hash (which, granted, is pretty obviously broken) by Mudge and Weld Pond, and had sniffing capability.

  2. Khaptain

    Experienced hacker employed by media site ---mmmhhh

    Hackers don't necessarily make good security consultants. It's one thing to attack a site, it's a whole other ball game to defend it and more importantly to know what to do when it's too late...

    1. Bronze badge

      Re: Experienced hacker employed by media site ---mmmhhh

      It even says so in the article that he has had numerous security positions since his hacking days.

      I think working at DARPA is enough of a qualifier.

    2. Version 1.0 Silver badge

      Re: Experienced hacker employed by media site ---mmmhhh

      "Hackers don't necessarily make good security consultants" yet in America a vast number of people think that TV and Hollywood film actors make excellent Presidents. So it's no big surprise.

      1. Bronze badge

        Re: Experienced hacker employed by media site ---mmmhhh

        Kanye 2020. I'm sure nothing will go wrong.

        1. jake Silver badge

          Re: Experienced hacker employed by media site ---mmmhhh

          Apparently some 60,000 voters ticked his box nation-wide. This is a statistical anomaly, at best. People ticking the adjacent box to the intended one (lack of reading glasses? beer goggles?) could account for most of it.

          Seems there's hope for the GreatUnwashed after all.

      2. Michael Wojcik Silver badge

        Re: Experienced hacker employed by media site ---mmmhhh

        Unless I'm forgetting someone, the only US President with a background in film acting was Reagan. I didn't (and don't) care for Reagan's policies, but he had a long and varied career in politics and there's overwhelming evidence showing he was a well-informed policy wonk, at least until cognitive decline took its toll.

        Based on the only example we have, there's nothing inherently wrong with having a former film star as president. Of course, drawing that conclusion, or any conclusion on the topic, from a sample size of one would be stupid.

        Similarly, it would be foolish to conclude that all former television stars are unsuitable for the job based on a sample size of one.

    3. Anonymous Coward
      Anonymous Coward

      Re: Experienced hacker employed by media site ---mmmhhh

      Maybe. But they're better than the trash the educational system puts out with CompSci degrees and security majors.

      The way that cybersecurity and infosec is handled in professional environments is also very wrong.

      Somehow what is a very technical profession has been turned into a managerial one.

      I've been skimming the content of the CISSP and while the technical element is very good. The managerial element (which is the main focus of this cert) appears to be a very thinly veiled "who to blame" and how to "pass the buck" framework.

      I think we need to reasses exactly what a cybersecurity person is supposed to do otherwise the industry is going to change for the worse and become one of those bullshit roles like "Digital Transformation Consultant" and so on.

      In my view a cybersecurity person should be the bridge between your IT guys and the top brass. Overlapping with the IT guys (but not so much that it becomes a conflict of interest).

      They should be in the room when your website is being redeveloped, new tech is being deployed etc.

      They should not be hived off to simply churn out reports, recommendations, advisories and user training.

      Cybersecurity folks are the worst people to deliver cybersecurity training because it's often very difficult for them to relate to users stance on getting their job done. Which is key because the vast majority of security related issues stem from your users.

    4. Michael Wojcik Silver badge

      Re: Experienced hacker employed by media site ---mmmhhh

      No one necessarily makes a good security consultant. That's why we look at a person's CV and other qualifications and attributes, and not just a single label.

      But having done security research, particularly vulnerability identification and exploit development, shows a capacity for sustained "security thinking", which is definitely a requirement for security chief.

      Zatko is as qualified for this position as anyone else I can think of offhand.

  3. Anonymous Coward
    Anonymous Coward

    Spot the Fed!

    Can I have my t-shirt now please?

    You might need to back date request that t-shirt to start many, many years ago, like he did

  4. jake Silver badge

    Cyber security? More like job security ...

    "and DARPA, where he was responsible for the creation of at least three Department of Defense cybersecurity programmes."

    Are we to believe that his third effort was successful while the first two were not? Would he have been given a fourth shot at it? Was somebody else? How about a fifth? (No, not the one in the Program Director's bottom drawer ... ). So-called "Cyber Security" ... the non-existant gift that keeps on giving.

    As P.T. Barnum never said "There's a sucker born every minute".

  5. Sparkus

    So presumably....

    There will be no more 'hacks' at Twitter and celebrity posters will be compelled to own up to their on-line idiocy?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022