From Tony Bradley, CISSP-ISSAP, for About.com

Hacking Exposed Chat Session Transcript

from Tony Bradley, CISSP, MCSE2k, MCSA, A+

Page 3

<netsecurityadm> with budgets as tight as they are- training was one of the first things to go. do you think companies need to re-think how those dollars are being spent?

<HE-Kurtz> Yes. Even though money is tight, it is worth every penny. $1 now will save $10 later.

<netsecurityadm> Have you read Kevin Mitnick's book? It seems that the best of security measures can be broken by one user writing a password on a sticky-note

<netsecurityadm> One problem with IT in general - and Information Security specifically- is that ROI is hard to prove.

<HE-Kurtz> I have a copy, but haven't read it yet

<netsecurityadm> Do you think it helps to have an understanding of program languages?

<HE-Kurtz> Yes. If you know how the language works, it will help you secure your apps

<netsecurityadm> what programming language are you most proficient in?

<HE-Kurtz> Basic. ; )

<netsecurityadm> What was your first computer?

<HE-Kurtz> TI-994a... and loved it!

<HE-Kurtz> Then went to an Atari

<HE-Kurtz> Then IBM, Sun, and so on

<netsecurityadm> As if you have so much free time (ha ha)- what is your favorite hobby outside of your information security life?

<HE-Kurtz> I like to spend time with my family... which is always tough given my schedule

<netsecurityadm> I can relate- 6 kids, 2 cats and a "day job" aside from being the About.com Guide for Internet / Network Security

<netsecurityadm> I'm sure I have more free time than you though

<netsecurityadm> Mr. McClure should be joining us soon- did you have any final thoughts you wanted to share? Does anyone have any last questions for Mr. Kurtz?

<Charlie> Yes please, do you do this type of thing often and if so where??

<HE-Kurtz> A chat session?

<Charlie> yes

<HE-Kurtz> No, this is new to me, but it was great

<Simo> how much did you make from that book?

<HE-Kurtz> Not enough! :)

<netsecurityadm> Do you speak or teach often, or are you primarily busy with your CEO duties?

<Simo> I'm guessing 25k

<Charlie> A lot more by the time IPV8 comes out

<HE-Kurtz> I speak a lot, and our classes are popular. Ultimate Hacking www.foundstone.com

<netsecurityadm> Well, I for one would like to thank you for your time. It has been a pleasure

<netsecurityadm> I look forward to speaking / chatting with you again in the future

<HE-Kurtz> Thank you so much!

<HE_Real_McClure> Hello all. Stu signing in...

<Charlie> yeah vmt Mr Kurtz

<Simo> hello McClure

<netsecurityadm> Welcome Mr. McClure- Stuart McClure is president and chief technology officer of Foundstone

<netsecurityadm> Prior to starting Foundstone Mr. McClure was with Ernst & Young as a leader of the Security Profiling Services Group.

<HE_Real_McClure> How goes the chatting?

<Simo> slow

<netsecurityadm> Did the two of you work together at E&Y?

<Buck_K_W> Thank you Mr Kurtz.

<HE_Real_McClure> Yup. We worked nationally and around the world.

<netsecurityadm> What made you decide to leave and form Foundstone?

<HE_Real_McClure> Going into organizations and showing people how insecure their networks were,

<HE_Real_McClure> training their staff, and hunting down hackers...

<Charlie> How did you do the hunting??

<HE_Real_McClure> We wanted to take our esoteric knowledge

<HE_Real_McClure> and automate it into products and services that no one was offering...

<netsecurityadm> Did others from E&Y join you?

<HE_Real_McClure> The hunting occurred when companies got hacked and we would get called in to identify and clean their systems.

<HE_Real_McClure> Companies would also want an assessment of the perpetrator, so we would gather evidence and help determine the source.

<netsecurityadm> would your forensic investigations lead to arrests or prosecution?

<HE_Real_McClure> We have a number of folks from ex-big 5, government and the military including EY, Deloitte, KPMG, Air Force, Army

<Simo> What is the age group of hackers you have met? mostly i find a majority to be teenagers

<HE_Real_McClure> The age of hackers ranges wildly. But I find that the folks who brag about being a hacker are usually of a younger generation... Yes.

<netsecurityadm> What made you decide to write the Hacking Exposed books?

<Simo> all the younger 1337 h4x0rs? ;-)

<HE_Real_McClure> Two reasons: 1) we wanted a central place of reference for how hackers get in and how to prevent them from getting in. And 2) at the time, there were no good books that de-mystified the art of security.

<netsecurityadm> The book is one of the best-selling computer books of all time and it's been translated into 19 languages- will you continue to put out new editions as new attacks and technology come out?

<HE_Real_McClure> We will continue putting out editions as long as readers keep reading. Updating the book each year is a huge effort but as long as people are interested in our content, I think we all want to continue it... Does anyone have the book? What are your thoughts on it?

©2009 About.com, a part of The New York Times Company.

All rights reserved.