Internet Business (formerly Internet Computing)
Melanie McMullen
Oct 1998
Vol 3  Issue 10

"The Big Hack Attack"  (feature article)

Brad Powell could be the most important person you'll ever meet.
Or worse yet, he may be someone you wish you had met sooner - because
it may already be too late. At first glance, Powell doesn't appear to
be too important: He's an unassuming, dishwater-blond, jeans-wearing 
guy in his thirties. And as a senior security architect, he has been 
quietly managing a 70-person security analysis team for the last four 
years in Sun's enterprise services division.

While this job description may sound innocuous, note that Powell, 
sometimes known on the Net as "shooter," is also an intuitive,
well-equipped hacker who could crack into your information system faster 
than a thief can hot-wire a Boxster. In fact, in his 10-year stint as a 
security emissary, he has hacked into more than 700,000 systems. His 
personal intrusion speed record: Six seconds, when he tapped into a 
government site via a misconfigured firewall. 

700,000 systems .. think about it. Do the math and see how
many machines this entails a day. The claim of six seconds is equally 
ridiculous. It takes more than 6 seconds to portscan a computer and type
the command to exploit a remote service. Journalists need to realize
that fudging on figures does not make the article more impressive.


They constitue a new breed of good guys; they are hackers who are 
dedicated to fixing corporate America's security crisis.

New breed? These professional penetration teams have been
around for years.


In fact, the demand for these code pros is so extensive that helpful 
hacking teams have suddenly become the Web's most-wanted resource.
Hewlett-Packard and IBM are fielding high-level hacking teams, and 
security product manufacturers such as Secure Computing and Internet 
Security Systems are adding these organizations to their checklist of 
must-have security offerings.