So what we can learn from this is that being a shitbag is rewarding
Legendary hacker and L0pht member Peiter Zatko joins Twitter as security chief
Twitter has hired legendary hacker Peiter "Mudge" Zatko as head of security. Under the newly created role, Mudge will take responsibility for everything from incident response to ensuring the "integrity" of the platform. Speaking to CNBC, he described his remit as including "information security, site integrity, physical …
COMMENTS
Tuesday 17th November 2020 19:11 GMT jake
Sure of that, AC?
Not familiar with L0phtCrack, I take it? He was also a fan of the buffer overflow, like most of the skiddies of his era.
Not so much an actual hacker as the subset known as a social engineer. That's why he's where he's at now.
Wednesday 18th November 2020 17:30 GMT Michael Wojcik
Re: Sure of that, AC?
I have to disagree. He has legitimate hacking credibility. Besides the early buffer-overflow research, there's his contribution to the MSCHAPv2 cryptanalysis, his security analysis of PalmOS, and so on. And l0phtcrack obviously demonstrates breadth beyond BOFs and social engineering, and it wasn't just a trivial brute-force or dictionary cracker - even early versions made use of the cryptanalysis of the LANMan hash (which, granted, is pretty obviously broken) by Mudge and Weld Pond, and had sniffing capability.
Wednesday 18th November 2020 01:17 GMT jake
Re: Experienced hacker employed by media site ---mmmhhh
Apparently some 60,000 voters ticked his box nation-wide. This is a statistical anomaly, at best. People ticking the adjacent box to the intended one (lack of reading glasses? beer goggles?) could account for most of it.
Seems there's hope for the GreatUnwashed after all.
Wednesday 18th November 2020 17:58 GMT Michael Wojcik
Re: Experienced hacker employed by media site ---mmmhhh
Unless I'm forgetting someone, the only US President with a background in film acting was Reagan. I didn't (and don't) care for Reagan's policies, but he had a long and varied career in politics and there's overwhelming evidence showing he was a well-informed policy wonk, at least until cognitive decline took its toll.
Based on the only example we have, there's nothing inherently wrong with having a former film star as president. Of course, drawing that conclusion, or any conclusion on the topic, from a sample size of one would be stupid.
Similarly, it would be foolish to conclude that all former television stars are unsuitable for the job based on a sample size of one.
Wednesday 18th November 2020 08:56 GMT Anonymous Coward
Re: Experienced hacker employed by media site ---mmmhhh
Maybe. But they're better than the trash the educational system puts out with CompSci degrees and security majors.
The way that cybersecurity and infosec is handled in professional environments is also very wrong.
Somehow what is a very technical profession has been turned into a managerial one.
I've been skimming the content of the CISSP and, while the technical element is very good, the managerial element (which is the main focus of this cert) appears to be a very thinly veiled "who to blame" and how to "pass the buck" framework.
I think we need to reassess exactly what a cybersecurity person is supposed to do, otherwise the industry is going to change for the worse and become one of those bullshit roles like "Digital Transformation Consultant" and so on.
In my view a cybersecurity person should be the bridge between your IT guys and the top brass, overlapping with the IT guys (but not so much that it becomes a conflict of interest).
They should be in the room when your website is being redeveloped, new tech is being deployed etc.
They should not be hived off to simply churn out reports, recommendations, advisories and user training.
Cybersecurity folks are the worst people to deliver cybersecurity training because it's often very difficult for them to relate to users' stance on getting their job done, which is key because the vast majority of security related issues stem from your users.
Wednesday 18th November 2020 17:33 GMT Michael Wojcik
Re: Experienced hacker employed by media site ---mmmhhh
No one necessarily makes a good security consultant. That's why we look at a person's CV and other qualifications and attributes, and not just a single label.
But having done security research, particularly vulnerability identification and exploit development, shows a capacity for sustained "security thinking", which is definitely a requirement for security chief.
Zatko is as qualified for this position as anyone else I can think of offhand.
Tuesday 17th November 2020 18:35 GMT jake
Cyber security? More like job security ...
"and DARPA, where he was responsible for the creation of at least three Department of Defense cybersecurity programmes."
Are we to believe that his third effort was successful while the first two were not? Would he have been given a fourth shot at it? Was somebody else? How about a fifth? (No, not the one in the Program Director's bottom drawer ... ). So-called "Cyber Security" ... the non-existent gift that keeps on giving.
As P.T. Barnum never said, "There's a sucker born every minute."