Perimeter
8/11/2011
05:29 PM
Mike Rothman
Mike Rothman
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Judge Thyself

The haters came out of the woodwork regarding Defcon Kids. What are they scared of? That kids may actually learn something useful?

As I've had a week to kind of digest the annual hacker fest known as Black Hat, Defcon and BSides in Vegas, I continue to marvel at the kind of research the smart folks in our industry do. They break things in ways it's hard to imagine. Outside of the typical corporate environment, you get to see folks as they are. Some sport their black T-shirts. Others mohawks and other interesting hair. Still others in their preppy best or wearing a kilt. Hackers come in all shapes and sizes. All genders, philosophies, and religions - or not.

The thing that unifies the community is a love of breaking things. A refusal to accept that something cannot be made to do something unintended. It makes no difference who you are, where you are from, or what you look like, as long as you can break stuff in interesting ways.

Yet, it seems we don't accept that parents have a right to teach their kids whatever they want, however they want. Within the boundaries of the law, that is. There was a decent amount of backlash for folks wondering how respectable parents could let their kids go to Defcon Kids. There will be hackers there. Doing hacker-like things. Expressing themselves as they see fit.

So these folks are happy to attend Defcon, or follow the proceedings from afar. Yet, they don't want their kids to see their life. See their community. See what their folks do and the kinds of people they work with. Seems to me like hypocrisy of the first degree.

You can paint a lot of the issues we have a society, globally, to the fact that many people have problems with how others live. They don't like them because they look different or act different or like different things. Therefore they are wrong. And these folks fear showing their kids some drunken people or maybe some folks with, uh, a lack of clothing. Gosh, their little heads may explode. And heaven forbid they find Dad's "special" movies.

It's a load of crap. You know how kids learn? By seeing different things. You know how they decide what is right and wrong? From the example set by the folks around them that the trust. Treat your kids with respect and they may listen. Fail that test, and I guarantee they won't. Do I worry that my kids would become drunkards, if they see a drunk person? That they will become sex addicts if they see some nudity? I don't.

I don't worry about these things because I realize my kids will make up their own mind. It's that damn free will thing. They will decide what path is best for them. They may reject my value system. I hope not, but I don't make any assumptions. So the only thing I can do is show them a lot of different things. I can provide my opinions about what is good and/or bad about how others live. Tell them what I'd do in a certain situation. Pick them up when they learn the same lesson I learned in the school of hard knows. They need to figure out what is right for them. Sheltering them from the world isn't going to get them there.

Defcon Kids and HacKid are all focused on exposing the kids to all sorts of things. Things that we enjoy, like programming, social networking, games, lock picking and even social engineering. Are those bad skills to have? Why don't you look in the mirror and ask yourself? If you were squawking about others taking their children to Defcon Kids, what are you ashamed of?

Actually, don't do that. I don't much care. That's your issue, not mine. If you don't want to take your kids to Vegas, don't. What I do object to is you trying to force your values on me or on anyone else. So basically, shut your pie holes. And sit in your room grumbling over how these folks are ruining our world.

I'll be teaching my kids about accepting other people. About embracing our differences. About learning new things. I think those are much more useful life skills than being a hater. But that's just me. Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.