What hackers can teach you about security
Can you trust a hacker? What if that hacker was convicted, and served time, for his offences? I ask because I'm back from the RSA Conference in San Francisco, where those questions were hot topics.
Two years ago, computer security companies bragged about hiring former hackers -- who better to plug security holes, the thinking went, than the folks who were so good at finding and exploiting them?
But ever since the passage of the Patriot Act in October 2001, with its stern penalties for hacking, that kind of thinking has fallen out of fashion. Generally, I think that's a good thing: I don't think convicted hackers should be rewarded or become celebrities simply because of their crimes. The same holds true for those who've escaped prosecution.
That said, I think Kevin Mitnick, who spoke at the RSA conference, and others like him have some valuable lessons to teach anyone who's concerned about security.
[ Read more ]