l0pht Joins with Others to Form @Stake
ContinuousPark writes "MSNBC has an article by Brock Meeks, reporting the formation of a security company called @Stake with members from L0pht and people from Compaq, Forrester and Cambridge Technology Partners. They already have $10 million to start the whole thing." Check out the recent interview with l0pht heavy industries, as well.
hacker/security? (Score:1)
Remember Comsec Data Security? (Score:1)
Re:update at www.l0pht.com (Score:1)
As someone who worked for Dan Geer at Athena, though, I can certainly vouch for his personal integrity. Very sharp (and very low key), too...
Re:sexy net chars (Score:2)
Also, does this mean you won't be setting up a headlines service, entitled nfn@/..com :)
Last, but not least, I'm going to bet you don't live in that town that changed its official name to a web address. :)
Could be good... (Score:4)
It depends. L0pht, as it stands, is probably very trustworthy, reputable and straight-up. But sooner or later, they're going to get fresh blood, and who's to say they'll be playing by the same rules?
Then, other [h|cr]acking groups may try and cash in on this, set up their own "security firms", and rip people off for serious money. Even if/though L0pht has nothing to do with any such stuff, they -will- get tarred by the same brush. That's the way the media, and Joe Bloggs, Inc. work.
Last, but not least, it'll only take L0pht missing -one- security hole, just one, in a high-profile company, and there'll be a national scandal, possibly international. L0pht'll undoubtedly be accused of leaving the hole there for their own "nefarious" purposes and (at best) be sued to oblivion. The worst'll depend on whether the cops or the heavies get there first.
I would never try and dissuade anyone from this kind of venture. It sounds like an extraordinary mix that feels just right for what people need today. What concerns me is that "rightness" might just destroy L0pht and any other "[white|grey]-hat" group. Humanity is notorious for destroying the people it needs, and crushing its heroes.
I'd rather not be reading, this time next year, that those [h|cr]ackers who want to put their skills to good, considerate use are all in maximum security, lynched, or hiding out in the Amazonian rain forest.
Re:The best security is... (Score:1)
The PHBs at my company installed such a package too, recently (Elron Internet Manager).
I did a bit of research, mostly because I am annoyed that they notified us that we get monitored while not telling us what information is gathered and who gets access to it. Anyways, the interesting bit is this technology pretty much looks like it is derived from underground technology:
Re:The best security is... (Score:2)
If your management doesn't want secure systems, they should continue to filter out those web sites. But I suspect if you let them know the value of the service they provide.
People in general have a tendency to vilify anything they don't understand, especially when it gives people a kind of power they don't have. This is exactly what is going on with the field of computer security. To make matters worse, there is a double standard... Law enforcement and government agencies openly condemn the actions of legitimate hackers, and then turn around and hire them to do their dirty work.
Re:Not surprising (Score:1)
They started a security group in their LA office but I haven't heard anything about them.
They are an American company, incorporated in Delaware, with headquarters in Cambridge Mass USA and offices around the world.
fun.... (Score:3)
Slashdot with the double-header!! (Score:2)
Then again, do we really want our firewalls to be made by the lowest bidder?
Re:In a word, credibility... (Score:1)
So, who owns http://www.@stake.com [stake.com]? Or is likely to be 0wn3d later?
Re:no-sexy /. chars (Score:2)
Who? (Score:1)
---
Re:Who? (Score:1)
--
Increasing the profile of security (Score:3)
*ackers (Score:1)
Hey, somebody seems to finally have seen the light
think about this for a second... (Score:1)
people and crackers? For the most part, if I were planning to put together an elite team of security people, I would likely start my search among reformed and highly skilled crackers. I would then augment this team with a few veteran UNIX admins and network specialists, and BINGO! It really only makes sense... if you want to beat them, you need to know how they think and function
The Television of Newspapers (Score:1)
USA Today [usatoday.com] has an article [usatoday.com] about this that I would like to hear someone else's input on.
When I read the article, it immediately irritated me, though I had to take a minute to figure out why: the description of the group's activities implies that there is no technical grounding for their methods - there sadly is no mention that part of the group's raison d'etre is to convince people that using 'security through obscurity is wrong' and 'with enough eyes all bugs are shallow' as standard policy is good for the consumer.
It's good for people to know the news, but often we miss out on why these articles are important to know.
An aside: does anyone know who first referred to USA Today as "the television of newspapers"?
Thanks
----
Re:hacker/security? (Score:1)
I just wish my company could understand this (see my prior post!)
Steven Rostedt
The best security is... (Score:2)
I read about this morning in the paper and tried to find it on the web, to post to
Anyway, this is good and bad. The ones that can make the best secured machine are usually the ones that are the best at breaking them. But most crackers have an ego. They will probably always leave a back entrance that is very difficult to find. Now I would trust them enough to analyze a system, and consult on how to make it better, but I don't know if I could trust them to work on the machines themselves. But then again, if they are now a company that relies on trust, then they may keep from doing it. But if this company gets big and starts to hire lots of people the trust may just go down. So, it's a good thing and it's a bad thing.
Funny, my company just got new filtering software and I no longer can look at www.l0pht.com or www.2600.com. They are filtered as "criminal activity" sites. But I used to read these sites to get the information on how to secure my systems better. But at least I can see these sites at home.
Steven Rostedt
Re:In a word, credibility... (Score:1)
Having people who can speak "suit language" working as consultants with people who understand security technology looks like an important step to getting security taken seriously. For too long, security has been the "top priority" until it comes time to pay in [money,time to market,performance,usability] when the acceptable price turns out to be [some,nothing,nothing,nothing].
Let us hope that this company has the credibility, both business and technical, to make decision makers realise that it is possible to do better than is common with current offerings.
Pity about the @Stake web site [atstake.com] - they seem to have had the "web is art" or "my browser is the only browser" designers in (or perhaps the black on black I got is an 'underground' thing).
Re:sexy net chars (Score:1)
Everything's a variable now.
That's what I love about them high-school girls. I get older, they stay the same age... yes they do.
--Wooderson 1976
In a word, credibility... (Score:4)
There are so many companies out there selling snake-oil security 'solutions' (monoalphabetic encryption anyone?) that people are putting their faith in because they don't know any better, and don't have the time to learn. Plus, when a company the size of Microsoft says 'Oh don't you worry about that, it'd never *really* happen' all too many people will take them at face value.
It's good to have people with some real cracking mileage under their feet doing this because it adds credibility to what they're saying. It doesn't matter if you like them or not, you'll sit up and take notice if the folk who wrote l0phtcrack put their hands up and say "it doesn't look right" when talking about the security of a given product. They've demonstrated that they know what they're talking about, and demonstrated that "that probably doesn't matter" is no way to regard security issues.
One of these days, we may even manage to convince the commercial side of the business that security is a fundamental, and that a robust security facility must inform every other aspect of installing and managing systems, especially on the Internet. But hell, it's easier just us techies aren't doing our jobs properly when someone gets cracked...
(not that I'm talking from sore experience or anything
Re:L0pht joins the big show (Score:1)
Re:sexy net chars (Score:2)
will we ever see the end of the media/commercial use of the 'sexy internet'(TM) chars? stuff like @,
Well, over at ZDuhNET, they report the company name [zdnet.com] as "AtStake Inc."
Oh wait, the headline sez they are joining the e-security market. e-yuk.
======
"Rex unto my cleeb, and thou shalt have everlasting blort." - Zorp 3:16
Boston Globe (Score:1)
---
Re:Who does Mudge think he is, anyway? (Score:1)
Re:Who does Mudge think he is, anyway? (Score:1)
Anyway, I think Mudge is really his last name.
Re:sexy net chars iMacs nearly 3 million a year (Score:1)
Re:sexy net chars iMacs nearly 3 million a year (Score:1)
Re:sexy net chars (Score:2)
Re:Who does Mudge think he is, anyway? (Score:1)
It will be interesting to see if they succeed (Score:2)
It will be interesting to see how successful the L0pht guys are. A lot of factors are different now than in the late 1980's. For one thing, people are a lot more aware that there are adversaries out there who want to get into your computers. Also, it seems that the market favors trendy new computer-related companies, a testament to this is the $10mil of startup money they have.
One thing that I haven't seen mentioned anywhere with this discussion is Gene Spafford's (from Purdue) assertion that it is foolhardy to trust hackers with your sensitive information. He equates this to trusting a crook to guard your bank vault. Not sure I totally agree with this, but it will be interesting to see how the world views this.
Re:L0pht joins the big show (Score:1)
L0pht joins the big show (Score:2)
This strikes me as a "Very Good Thing"(TM). This melding of industry heavyweights with the undeniable genius of L0pht should be able to provide their clients with EXCELLENT security analysis and hopefully companies will finally realize what a secure system really is.
One thing I'm wondering is whether L0pht will be continuing their individual software and hardware projects. Will they be able to keep their IP? Will they still be releasing holes?
Just food for thought.
P.S. I just can't help thinking of Alan Dean Foster's hyperactive otter from the Spellsinger series every time I hear the name Mudge (grin)
Re:The best security is... (Score:1)
I'm sure the people who wrote this software check 2600.com and l0pht.com 500 times a day to stay current with the latest security news...but, I guess they think we can't be trusted with that information.
Make your feelings known to the manufacturer....that's what I did...if that doesn't work....I'll look for new software.
Re:Not surprising (Score:1)
Re:fun.... (Score:1)
good guys (Score:2)
If anyone deserves to be recognized and to make money, in the field that they love, it's the guys from l0pht. They talked at one of the HOPE (Hackers on Planet Earth) conventions and they convinced me that they are truly concerned with the internet community and the underground.
BTW if you would like to hear what they had to say check the 2600 [2600.com] website. Look for the hope archives.
Re:update at www.l0pht.com (Score:2)
Sorry about the number of posts; I really like these guys.
Re:Slashdot with the double-header!! (Score:1)
Re:Slashdot with the double-header!! (Score:1)
Re:good guys (Score:1)
I'm in the field of information security and from first hand experience the guys at l0pht have done more to educate and raise awareness on security issues than any other organization.
Firms like ISS and the like are great but all are mostly reactive not proactive like l0pht.
I don't agree with giving away stuff like l0phtcrack and tools which seem to have no real legit value, but overall they do in the long run serve a purpose.
Re:Not surprising (Score:1)
DON'T hire hackers to be your security consultants! They will install back doors and steal your data!
Yet, when you and now big names like Compaq want real security insight and vision without the bull, they turn to L0pht.
Re:no-sexy /. chars (Score:1)
Although I do wish I got paid like one.
no-sexy /. chars (Score:2)
stuff like BSOD, IANAL,LOL and the oh-so-popular ANAL.
i work for @IANAL(no flames please) and even *I* am getting sick of it. hopefully as the net-craze will sweep past the consumer, leaving only painful memories of CAPITALIZED abbreviations and 'IAMAL.com-everywhere'
Re:sexy net chars (Score:1)
DotComGuy
(.comguy for short?)
what the hell is the world coming to? all of a sudden the matrix doesn't seem so farfetched any more
Re:fun.... (Score:1)
great idea, bad implementation.
i'm sick of the net. if i didn't love my computer so much i'd throw my TV at it
sexy net chars (Score:2)
stuff like @,
i work for @home(no flames please) and even *I* am getting sick of it. hopefully as the net-craze will sweep past the consumer, leaving only painful memories of dotted phone numbers and '.com-everywhere'
Re:sexy net chars (Score:2)
aren't we on