HD Moore said NO to House of Hackers
Dark Reading: Hackers in the House
Is that true?
HD Moore, director of security research for BreakingPoint Systems, says his initial take on the House of Hackers announcement in the blog post is that the recruitment aspect of the House of Hackers could lure the wrong crowd. “If anything, hackers who work in security do all they can to appear professional and trustworthy and that really seems to undermine it,” Moore says. It could end up attracting "'employers'" who aren't interested in the legality of the work they sponsor, he says.
Is that true?
Replies to This Discussion
-
Permalink Reply by djTeller on -
Well, information is all around us, so regrading the attraction.. i think he's wrong.
At least here, we can build/manage it in the right way since it's just started.
-
Permalink Reply by jah on -
Time will tell. It seems to me that if HoH attracts enough talented people then it should attract "employers" who /are/ interested in the legality of the work they sponsor and this in turn should provide enough choice for those talented people such that they might only accept legal jobs. It will certainly be interesting to see how it pans-out.
-
Permalink Reply by Petko D. (pdp) Petkov on -
there is only one rule here: self-police.
-
Permalink Reply by Petko D. (pdp) Petkov on
-
I mean, we have to keep this community professional if we want to get something out of it. I think that the potentials are obvious. It is up to the crowd to decide whether we should all go together the destructive way or the constructive way. I prefer the second.
-
Permalink Reply by Technogeek on -
I can see and understand his point. However; as long as we do police ourselves, this can be a place of great knowledge and thought.
We can keep the strictly black hatters away and embrace all aspects of the hacking culture.
-
Permalink Reply by SJ on -
Hi pdp,
I can definitely see the point that HDM makes, as there is a fine line between a security professional and a 'hacker'. In most cases it would be difficult, if not impossible to differentiate between the two, especially in a community that advertises itself as a hacker community.
While I appreciate the dilemma of security companies hiring shady grey or blackhat characters, I would expect the security community is diverse enough to offer a wide enough range of people to accommodate them all. In the end, trustworthy employers won't make hiring decisions that could negatively impact their company. Some will choose to trust the hacker community, others will choose to hire from academic or professional areas, simple as that.
// SJ
--
Securethoughts.net
-
Permalink Reply by Ramsesoriginal on -
Self-regulation, good content and positive press will help this site a lot, but that's not enough.It depends also on how the "others" see this site, and how they understand it.
-
Permalink Reply by jah on
-
It's actually an interesting quote. When saying "lure the wrong crowd" is Moore talking about blackhats - who's presence might eventually attract those who would hire blackhats? Or is he talking about attracting people who would hire blackhats because of the popular perception of what 'Hacker' means?
-
Permalink Reply by marchiner on -
Hum.. what can i say?
Neither 100% right nor 100% wrong, someties when i participate in interviews that focus on hire new peoples to work in the security company that i work, we always look for trust people and knowledge. But it's denitily hard to find someone that knows about "hacking" and respect the legality of the work, especially during a first contact . As "jah" said "Time will tell".
But social networks like this here can provide a lot of information about peoples that know about hacking stuff, and have a idea of this people behavior. I believe it helps! Don't you?
-
Permalink Reply by Ramsesoriginal on
-
I was just thinking.. i don't know how much the Ning allows us to implement it, but some sort of web of trust would really help identifying the hat color.. something like "Give this hacker's hat a shade of gray", and it would recursively apply that to the ones he applied it.. or something like that..hmm
(sorry if this sounds confusing, I'm wondering myself right now how this could work..)
-
Permalink Reply by Technogeek on
-
I like this idea, sort of like a rating system.
One of the Weight lifting boards I belong go uses a cred, or rep system. Maybe there's something like that that could be implemented. Grey hat in the middle, black hat on the left and white hat on the right. Maybe come up with a series of questions that you could answer that would give an initial rating, then go from there.
-
Permalink Reply by MoH on -
I [think I] understand the reasoning behind why Moore said what he did, and I think it's fair to assume that any moderate individual would do as well.
There is the potential for 'shady' characters to use the resource for questionable means, but that could be said about anything.
To say that HoH has already undermined the professional and trustworthiness of the security industry 'per se' is a little quick of the trigger. It needs to run for a bit first and we'll see what happens.
As for the legality issue with potential employers, quite right! It could well attract people who don't care about the legality of the work but again, this is true for any HR / Recruitment / et.al scenario.
Just to make absolutely clear, this is in no means any attempt to flame HD Moore. The fact that after criticism the issue is being discussed in this manner is evident of an underlying self policing / self maintaining nature; self management, a key characteristic that I associate with professionalism.
I think it's great that this is happening. Hopefully it will be a screaming success and mark another evolutionary step towards the mainstreaming of the community and who knows, a change in the media indoctrinated stereotype of the hacker.
About House of Hackers
Petko D. (pdp) Petkov
created this social network on Ning.
© 2008 Created by Petko D. (pdp) Petkov on Ning. Create your own social network
