
09:51 AM

McClure: Hacking Exposed

Security researcher-turned-executive Stuart McClure on surviving a plane crash, witnessing the Morris worm firsthand -- and hacking a college buddy's password

As the United Airlines flight on which Stuart McClure was traveling with his mother and little brother began nosediving toward the Pacific Ocean after a midair explosion, a passenger sitting next to the then-college sophomore McClure said to him, "It's been really good knowing you," as they covered their heads in preparation for a crash.

McClure, now 44, recalls the plane suddenly returning to a horizontal position, seeing lights on the horizon, and, then, surviving a shockingly near-perfect landing on the ground in Hawaii. A known design flaw in the Boeing 747's door-latching mechanism that the airline hadn't yet fixed had blown open the cargo door at 25,000 feet, causing the explosion and fire in two of the plane's engines that ripped a massive hole in the business-class section of the aircraft and killed nine people.

"United Airlines had known about it, and it was a month or two from the deadline to repair it, and they hadn't done it yet," McClure says.

Even more chilling for McClure was that he and his family had nearly moved to seats in the section where the accident had occurred, but ultimately decided to stay put. He says his brush with death has a lot to do with his incessant drive to figure out security holes and get them fixed. "I can't sleep until I figure something out. I started to realize that [the crash] was a big part of it," he says, adding that he wanted to ensure that no one would become the victim of a mistake.

McClure co-authored the widely recognized and read "Hacking Exposed: Network Security Secrets and Solutions" book with Joel Scambray and George Kurtz, and later co-founded Foundstone, a security consulting and products company that McAfee acquired in 2004. A year and a half ago, he started up security services and product firm Cylance, which, among other things, focuses on embedded systems and critical infrastructure security. Cylance researchers have pinpointed vulnerabilities in medical equipment and building automation systems, for example -- systems that have physical security ramifications as well.

"It's all been leading to developing these next-generation technologies to detect good and bad algorithmically," says McClure, who is CEO and president of Cylance. "We take all that is known and the experience in how they work, the techniques, and holes in defense, and then try to find the math algorithm of what is good or bad."

Stuart McClure

McClure's first hack came a few years after surviving the airplane accident. He was a TA in a secure programming class at the University of Colorado in Boulder. "A buddy of mine was a systems administrator for a Solaris box, and he was bragging that his Solaris box was never hit by the Morris worm ... I was no hacker [then], but was a pretty darn good programmer," he says. "I knew the ins and outs of Unix, so I said, 'OK, are you challenging me then?'"

It was throwdown time. "I didn't sleep for 36 hours and was able to reverse-engineer the encryption algorithm for the password on his system," McClure recalls. "So I got a brute-force tool to break his password and gave him a folded-up piece of paper with his root password, 'apple1,' as unglamorous as it was. You should have seen his face go ashen white."

McClure, who had previously done some low-level reverse-engineering of the Morris worm when it hit other servers at the university in 1988, says that password crack gave him the hacking bug. He went on to write virus detection tools early in his IT career and later co-founded Foundstone. McClure served as enterprise vice president and global CTO and general manager of the management business unit at McAfee, part of Intel, after the Foundstone acquisition.

But the red McAfee brand shield won't carry the McAfee name anymore: Intel CEO Brian Krzanich yesterday at the Computer Electronics Show announced that Intel is dropping the McAfee name and rebranding McAfee products as Intel Security products. What does former McAfee exec McClure think of the move?

McClure says he wasn't really all that surprised. "The reason Intel bought McAfee, honestly, was to extend Intel into security. It's natural to have a name change," he says. "And I'm sure some of John McAfee's activities have helped spur that along a bit," he adds, referring to the infamous McAfee founder who, in the past year, fled Belize to avoid questioning by police about the murder of one of his neighbors and posted a bizarre video on YouTube criticizing his former company.

Meanwhile, McClure's legacy at Foundstone includes building a product he describes as akin to an early Metasploit or Core Impact. "It was [built] way ahead of Core and Metasploit. But the market just wasn't ready for it at the time. They didn't understand a vulnerability or how to exploit it," he says. "We would release it a couple of years later as Vulnerability Manager."

Those were the days when white-hat researchers kept their bug finds to themselves for the most part, he says. "You would keep it a few weeks so you could impress your customers when you did a pen test. Eventually, you'd roll it out to Microsoft," and it would patch it a year or so later, he says.

McClure's view of the traditional reactive approach to security reflects his mission to fix problems before someone or something gets hurt. He says the security industry today needs to stop waiting to see an attack before coming up with a detection mechanism: "The AV industry and all signature-based technologies are flawed," he says.


Worst day ever at work: When I was forced to lay off a team of people, despite having crushed our numbers for the quarter and year.

What McClure's co-workers don't know about him: I enjoy studying immunology -- bacteria, viruses, cancer cells, fungi, parasites, prions, etc. -- and how the body's defenses work.

Favorite team: Denver Broncos -- especially this year.

Favorite hangout: My house, since I travel a lot.

In his music player right now: Mostly R&B/pop and dance. Some explicit tracks, but don't tell anyone.

McClure's security must-haves: Encryption (PGP), two-factor authentication on everything possible, and a desktop firewall.

McClure's security must-not-haves: USB sticks, "Click here to win your prize" emails, antivirus (but I am not typical).

Comfort food: Right now an Immunizer drink at Juice-it-up.

Ride: Audi, but about to move into a hybrid.

For fun: Long bike rides, 50 to 75 miles.

Guilty pleasure: "Real Housewives" -- OC and Beverly Hills mostly -- and "Vanderpump Rules." Only because they make my life look calm.

Actor who would play him in a film: Tom Cruise

Next career: Immunologist

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

User Rank: Apprentice
1/22/2014 | 6:13:44 PM
re: McClure: Hacking Exposed
Is this the same Stuart McClure? The one who was led rampant software piracy and the mismanagement of Foundstone?


"In some ways the Foundstone tale is a microcosm of the ugly side of the dot-com craze--arrogance, greed, mismanagement, and stupidity"