SMB Insider Threat: Don't Hire A Hacker

Network Computing Dark Reading

Advertise

About Us

Threaded | Newest First | Oldest First

[close this box]

Jeffro Nunyas,
User Rank: Apprentice
7/20/2013 | 4:41:52 AM

re: SMB Insider Threat: Don't Hire A Hacker

Ok Doug

I think we need to recognize one very important fact. Edward Snowden is NOT a hacker. He got a job that gave him easy access to some information. If he were a true hacker, he wouldn't have needed to get a job to get the information.

Stop glorifying that traitor just because he took a class or two for learning ethical hacking techniques. He is or was just a glorified analyst with specific tasks assigned to him per the job title he was hired as.

He stole the information, then he leaked it. He's nothing but a common thief.

Reply | Post Message | Messages List | Start a Board

edannert,
User Rank: Apprentice
7/22/2013 | 11:53:19 AM

re: SMB Insider Threat: Don't Hire A Hacker

I guess if you call Snowden a traitor and common thief I would call the NSA/US Government the obnoxious bully in the school yard... And yes, someone has to call out the antisocial behaviour of bullys. The question here is who violated what law, but despite that fact I agree that Snowden is definitely not a good example for an insider threat, because no ethical rules apply here anyway...

Reply | Post Message | Messages List | Start a Board

Landoll,
User Rank: Apprentice
7/26/2013 | 12:15:46 AM

re: SMB Insider Threat: Don't Hire A Hacker

Agreed - Snowden is not a hacker. I did not call Snowden a hacker; I called Snowden a 'trusted insider' - we should be able to agree on that.

Regarding the use of the term 'hacker' in the headline and in the article, I realize my use of the term (e.g., skilled but untrustworthy) does not agree with the technical communities use of the term (e.g.,skilled and clever tinkerer). While I appreciate the audience, the article is written for the management of SMBs and thus I use the term as they would likely interpret it.

Reply | Post Message | Messages List | Start a Board

James E.R573,
User Rank: Apprentice
8/31/2017 | 12:11:14 PM

Pending Review

This comment is waiting for review by our moderators.

Reply | Post Message | Messages List | Start a Board

Ctendellceh,
User Rank: Apprentice
8/19/2013 | 11:44:58 PM

re: SMB Insider Threat: Don't Hire A Hacker

I am a Certified Ethical Hacker charlestendell.com and I honestly think that any organization that is going to hire a true hacker should have strong controls in place to protect against anything they may encounter. I also think that organizations who hire an actual hacker are going to be better protected from malicious hackers in the long run. You have to be a hacker to catch a hacker.

Being afraid of the trusted insider shouldn't be solely focused on the hacker. What about the accountant? The marketing manager or the under paid security guard?
Business have to do business and that means hiring employees. Screenings are irrelevant, a good measure, but no amount of screening is going to protect you from an insider threat. Lets look at Snowden, to work for the NSA in any capacity you have to go through months and several different levels of screening. Polygraph, Multi spectrum background and criminal investigation. They will go and talk to your 3rd grade teacher if necessary. The bottom line, screenings didn't help there and being a hacker should not disqualify anyone.

And personally, he is not a traitor. He may not have responsibly disclosed the information he had but it is a good thing that he released it. People should not fear their government, governments should fear its people.

Reply | Post Message | Messages List | Start a Board

BarbaraW864,
User Rank: Apprentice
10/2/2015 | 12:02:37 PM

Pending Review

This comment is waiting for review by our moderators.

Reply | Post Message | Messages List | Start a Board

DianeL138,
User Rank: Apprentice
1/22/2017 | 6:46:54 PM

Pending Review

This comment is waiting for review by our moderators.

Reply | Post Message | Messages List | Start a Board

MalcomW730,
User Rank: Apprentice
6/26/2017 | 11:16:05 AM

Pending Review

This comment is waiting for review by our moderators.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

SecTor - Canada's IT Security Conference Oct 1-6 - Learn More

Black Hat USA - August 6-11 - Learn More

[FREE Virtual Event] The Identity Crisis

More Informa Tech Live Events

White Papers

Breaches Prompt Changes to Enterprise IR Plans and Processes

Implementing Zero Trust In Your Enterprise: How to Get Started

Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal

The Many Risks of Modern Application Development

The Many Facets of Modern Application Development

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

Black Hat USA 2022 Attendee Report

Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-37452
PUBLISHED: 2022-08-07

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.

CVE-2022-26979
PUBLISHED: 2022-08-06

Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.

CVE-2022-27944
PUBLISHED: 2022-08-06

Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.

CVE-2022-2688
PUBLISHED: 2022-08-06

A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be...

CVE-2022-2689
PUBLISHED: 2022-08-06

A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch t...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]