On Mon, 19 Jun 2000 [EMAIL PROTECTED] wrote:

> Utilizing convicted felons is most likely not the case since most 
> convicted hackers cannot touch a keyboard or generate revenue from their 
> skills ala Kevin Mitnick and others.  Persons like Kevin Poulsen can 

This isn't precisely true.  Only convicted persons on probation are
restricted from using computer equipment in certain ways, and then only if
the restrictions are placed as a condition of probation - I doubt it's all
that common in low-profile cases, of which there are many as compared to
high profile cases.  It also probably isn't a good indicator since a lot
of juvenile records are sealed and juvenile terms of probation would
expire with adulthood.

> become correspondents but not be hired as a network security consultant to 
> conduct network penetration testing.  Other well known hackers do not have 
> criminal records but work in the grey or black hat area of computer 
> security or are known to hang out in those type of circles.  An 

Which once again raises the trust question.  If a person is "known to hang
out in those type of circles", how do you know what information they're
feeding their friends?

> organization should decide on how to utilize such a group or individual 
> people and what finite set of work they will be doing.  Other convicted 

I think *if they should* is a much more important question than "how to" - 
and even finite worksets bring up a host of significant questions about if
someone should have access to detailed information about an organization
and how much vulnerability information - even from blind scans - you want to
go to sources which have proven untrustworthy in the past.  Given that new
vulnerabilities are found in old products fairly constantly, it's a very
serious question that should probably be made very high in the
organization.

> type ala Randal Schwartz are excellent instructors but cannot work for 
> particular companies like Intel ever again.

IMO, Randal doesn't fall into the currently discussed categories at all,
and as far as I recall there was no prohibition of him not working for
Intel - he's probably disinclined from doing so, and I doubt they'd want
to bring him back onsite given the circumstances of their relationship.

AFAIK, Randal still does "traditional" consulting work too (not just
classes), and the only pre-condition is that he has to disclose his
conviction.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."


