Perimeter
8/11/2011
05:29 PM
Mike Rothman
Mike Rothman
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Judge Thyself

The haters came out of the woodwork regarding Defcon Kids. What are they scared of? That kids may actually learn something useful?

As I've had a week to kind of digest the annual hacker fest known as Black Hat, Defcon and BSides in Vegas, I continue to marvel at the kind of research the smart folks in our industry do. They break things in ways it's hard to imagine. Outside of the typical corporate environment, you get to see folks as they are. Some sport their black T-shirts. Others mohawks and other interesting hair. Still others in their preppy best or wearing a kilt. Hackers come in all shapes and sizes. All genders, philosophies, and religions - or not.

The thing that unifies the community is a love of breaking things. A refusal to accept that something cannot be made to do something unintended. It makes no difference who you are, where you are from, or what you look like, as long as you can break stuff in interesting ways.

Yet, it seems we don't accept that parents have a right to teach their kids whatever they want, however they want. Within the boundaries of the law, that is. There was a decent amount of backlash for folks wondering how respectable parents could let their kids go to Defcon Kids. There will be hackers there. Doing hacker-like things. Expressing themselves as they see fit.

So these folks are happy to attend Defcon, or follow the proceedings from afar. Yet, they don't want their kids to see their life. See their community. See what their folks do and the kinds of people they work with. Seems to me like hypocrisy of the first degree.

You can paint a lot of the issues we have a society, globally, to the fact that many people have problems with how others live. They don't like them because they look different or act different or like different things. Therefore they are wrong. And these folks fear showing their kids some drunken people or maybe some folks with, uh, a lack of clothing. Gosh, their little heads may explode. And heaven forbid they find Dad's "special" movies.

It's a load of crap. You know how kids learn? By seeing different things. You know how they decide what is right and wrong? From the example set by the folks around them that the trust. Treat your kids with respect and they may listen. Fail that test, and I guarantee they won't. Do I worry that my kids would become drunkards, if they see a drunk person? That they will become sex addicts if they see some nudity? I don't.

I don't worry about these things because I realize my kids will make up their own mind. It's that damn free will thing. They will decide what path is best for them. They may reject my value system. I hope not, but I don't make any assumptions. So the only thing I can do is show them a lot of different things. I can provide my opinions about what is good and/or bad about how others live. Tell them what I'd do in a certain situation. Pick them up when they learn the same lesson I learned in the school of hard knows. They need to figure out what is right for them. Sheltering them from the world isn't going to get them there.

Defcon Kids and HacKid are all focused on exposing the kids to all sorts of things. Things that we enjoy, like programming, social networking, games, lock picking and even social engineering. Are those bad skills to have? Why don't you look in the mirror and ask yourself? If you were squawking about others taking their children to Defcon Kids, what are you ashamed of?

Actually, don't do that. I don't much care. That's your issue, not mine. If you don't want to take your kids to Vegas, don't. What I do object to is you trying to force your values on me or on anyone else. So basically, shut your pie holes. And sit in your room grumbling over how these folks are ruining our world.

I'll be teaching my kids about accepting other people. About embracing our differences. About learning new things. I think those are much more useful life skills than being a hater. But that's just me. Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2595
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

CVE-2013-2597
Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

CVE-2013-2598
Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

CVE-2013-2599
Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

CVE-2013-6124
Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.