[ISN] In the security hot seat (was re: Symantec on crack)

InfoSec News isn at c4i.org
Sat Apr 23 08:14:22 EDT 2005


Forwarded from: security curmudgeon <jericho at attrition.org>
Cc: send-letters-to-news at cnet.com, tim_mather at symantec.com

In the security hot seat
By Eileen Yu
http://news.com.com/In+the+security+hot+seat/2008-7355_3-5681205.html
Story last modified Fri Apr 22 11:08:00 PDT 2005

Like most information security professionals, Tim Mather focuses on
keeping hackers out of his company's network and ensuring all systems
are updated with the latest patch.

And like most of his peers in the industry, he worries about the level
of sophistication of the next security attack and looks at what his
team needs to do to fend off the most vicious ones.

But the difference here is that Mather works for Symantec. As chief
information security officer at a company known for its antivirus
products, he faces challenges particular to his role.

[..]

Will you hire hackers to join your team? You know, so you can get them
off the streets?

Mather: No, absolutely not, absolutely not. Wouldn't even touch them
with a 10-foot pole.

[..]

--

Uh, excuse me? Is Tim Mather outright lying or completely ignorant of
who he works for? This crap he is peddling can't even be used for a
pathetic attempt at "plausable deniability". Hey Eileen, why didn't
you press this windbag on his lies?

http://www.symantec.com/press/2004/n040916b.html
Symantec to Acquire @stake

Hey Tim, who work[s|ed] at @stake? How did they build their name?
Hint: by hiring a well known group of HACKERS known as the "l0pht".
Weld Pond (not his real name), Dildog (not his real name), Mudge (not
his real name), et al ..  guess what, they are hackers. Some of them
work for Symantec.

http://www.symantec.com/press/2002/n020717.html
Symantec to Acquire SecurityFocus

Hey Tim, who work[s|ed] for SecurityFocus? Kevin Poulsen (sound
vaguely familiar?), Aleph1, Synapse, et al.. guess what, they too are
hackers. Some of them work for Symantec.


http://www.symantec.com/press/2002/n020717b.html
Symantec to Acquire Riptech

http://www.symantec.com/press/2002/n020717a.html
Symantec to Acquire Recourse Technologies

Think these companies were hacker free? I'll refrain from outting the
*hackers* that work for Symantec that are currently subscribed to ISN
(you know who you are!). And that is just the *beginning* of the
hacker stories centered around your company.

    "And this idea that they've reformed themselves--I don't buy it, not in
    the least." -- Tim Mather, Symantec

Yah.

--

[..]

In an interview with CNETAsia, Mather reveals that his company gets
inundated with a barrage of hacking attacks simply because of what it
is. Some of these attempts have gotten "pretty close," he says.

[..]

--

Where by "pretty close" you mean your main web page defaced, right?

08/02/1999: http://www.symantec.com
http://www.zone-h.org/en/defacements/view/id=2930/

And I guess the 'small business' page doesn't count?

01/20/2001: http://smallbiz.symantec.com
http://www.zone-h.org/en/defacements/view/id=12031/


I'm not sure who to laugh at more.. Tim or Eileen.

security curmudgeon

ps: i tried calling Tim, but only got his voice mail =(





More information about the ISN mailing list