Perimeter
8/11/2011
05:29 PM
Mike Rothman
Mike Rothman
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Judge Thyself

The haters came out of the woodwork regarding Defcon Kids. What are they scared of? That kids may actually learn something useful?

As I've had a week to kind of digest the annual hacker fest known as Black Hat, Defcon and BSides in Vegas, I continue to marvel at the kind of research the smart folks in our industry do. They break things in ways it's hard to imagine. Outside of the typical corporate environment, you get to see folks as they are. Some sport their black T-shirts. Others mohawks and other interesting hair. Still others in their preppy best or wearing a kilt. Hackers come in all shapes and sizes. All genders, philosophies, and religions - or not.

The thing that unifies the community is a love of breaking things. A refusal to accept that something cannot be made to do something unintended. It makes no difference who you are, where you are from, or what you look like, as long as you can break stuff in interesting ways.

Yet, it seems we don't accept that parents have a right to teach their kids whatever they want, however they want. Within the boundaries of the law, that is. There was a decent amount of backlash for folks wondering how respectable parents could let their kids go to Defcon Kids. There will be hackers there. Doing hacker-like things. Expressing themselves as they see fit.

So these folks are happy to attend Defcon, or follow the proceedings from afar. Yet, they don't want their kids to see their life. See their community. See what their folks do and the kinds of people they work with. Seems to me like hypocrisy of the first degree.

You can paint a lot of the issues we have a society, globally, to the fact that many people have problems with how others live. They don't like them because they look different or act different or like different things. Therefore they are wrong. And these folks fear showing their kids some drunken people or maybe some folks with, uh, a lack of clothing. Gosh, their little heads may explode. And heaven forbid they find Dad's "special" movies.

It's a load of crap. You know how kids learn? By seeing different things. You know how they decide what is right and wrong? From the example set by the folks around them that the trust. Treat your kids with respect and they may listen. Fail that test, and I guarantee they won't. Do I worry that my kids would become drunkards, if they see a drunk person? That they will become sex addicts if they see some nudity? I don't.

I don't worry about these things because I realize my kids will make up their own mind. It's that damn free will thing. They will decide what path is best for them. They may reject my value system. I hope not, but I don't make any assumptions. So the only thing I can do is show them a lot of different things. I can provide my opinions about what is good and/or bad about how others live. Tell them what I'd do in a certain situation. Pick them up when they learn the same lesson I learned in the school of hard knows. They need to figure out what is right for them. Sheltering them from the world isn't going to get them there.

Defcon Kids and HacKid are all focused on exposing the kids to all sorts of things. Things that we enjoy, like programming, social networking, games, lock picking and even social engineering. Are those bad skills to have? Why don't you look in the mirror and ask yourself? If you were squawking about others taking their children to Defcon Kids, what are you ashamed of?

Actually, don't do that. I don't much care. That's your issue, not mine. If you don't want to take your kids to Vegas, don't. What I do object to is you trying to force your values on me or on anyone else. So basically, shut your pie holes. And sit in your room grumbling over how these folks are ruining our world.

I'll be teaching my kids about accepting other people. About embracing our differences. About learning new things. I think those are much more useful life skills than being a hater. But that's just me. Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3154
Published: 2014-04-17
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file conte...

CVE-2013-2143
Published: 2014-04-17
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

CVE-2014-0036
Published: 2014-04-17
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVE-2014-0054
Published: 2014-04-17
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External ...

CVE-2014-0071
Published: 2014-04-17
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Best of the Web