International cybercrime, as portrayed by the movies and mass media, is a high-stakes game of shadowy government agencies and state-sponsored hacking groups. Hollywood casting will wheel out a char…
It always warms my heart when a single person is able to outsmart large multi-million/billion dollar tech companies like Nvidia and Rockstar. Really shows how piss poor these companies security can be.
I would definitely look to hire that kid with a high wage just to make sure he doesn’t hacke me again, if I were one of the companies he hacked into. Companies should really think about trying to hire these hackers because then the threats against them might go down ever so slightly.
Counterpoint: he got caught. Whatever his offensive capabilities are, his security posture is evidently lacking. Recruiting a glass cannon like that might not work out if you’re looking for help with security hardening.
Then comes the issue of a rogue pentester selling his clients zerodays into black market for crypto. Don’t know if the myth of being hired by government agencies is true.
I would definitely look to hire that kid with a high wage just to make sure he doesn’t hacke me again, if I were one of the companies he hacked into. Companies should really think about trying to hire these hackers because then the threats against them might go down ever so slightly.
I understand your thought, but some people just want to watch the world burn and you definitely don’t want to bring that sort inside.
This guy seems to be driven, capable and lacking the common sense to know when to stop.
Its kind of inevitable, you know that meme about the overlap between the smartest bears and the dumbest tourists? Well the same is true for secure working practices and the dumbest/laziest employees. Any system too secure will also be enough of a pain in the ass that some people will start doing stupid shit that nullifies that security.
For others like me interested in the exact example; it’s about the difficulty of designing a trash can that smart bears cannot open and dumb tourists still can. You cannot create something too secure if you still want dumb people to use it as well, due to the overlap.
The quote is not really saying dumb people will break / nullify security, like I read in the above comment, but more that they just will not be able to operate it.
It always warms my heart when a single person is able to outsmart large multi-million/billion dollar tech companies like Nvidia and Rockstar. Really shows how piss poor these companies security can be.
I would definitely look to hire that kid with a high wage just to make sure he doesn’t hacke me again, if I were one of the companies he hacked into. Companies should really think about trying to hire these hackers because then the threats against them might go down ever so slightly.
Counterpoint: he got caught. Whatever his offensive capabilities are, his security posture is evidently lacking. Recruiting a glass cannon like that might not work out if you’re looking for help with security hardening.
Counter-counterpoint: he could work as a pentester, where his sole purpose is to just break into things.
Leave the policy making and actual hardening to someone else.
Then comes the issue of a rogue pentester selling his clients zerodays into black market for crypto. Don’t know if the myth of being hired by government agencies is true.
I understand your thought, but some people just want to watch the world burn and you definitely don’t want to bring that sort inside.
This guy seems to be driven, capable and lacking the common sense to know when to stop.
Its kind of inevitable, you know that meme about the overlap between the smartest bears and the dumbest tourists? Well the same is true for secure working practices and the dumbest/laziest employees. Any system too secure will also be enough of a pain in the ass that some people will start doing stupid shit that nullifies that security.
For others like me interested in the exact example; it’s about the difficulty of designing a trash can that smart bears cannot open and dumb tourists still can. You cannot create something too secure if you still want dumb people to use it as well, due to the overlap.
The quote is not really saying dumb people will break / nullify security, like I read in the above comment, but more that they just will not be able to operate it.
some companies do.