SoylentNews is people
SoylentNews
from the METASPLOIT-SPAMTOILET-MOISTPLATE-MEATPISTOL dept.
At Defcon in Las Vegas last month, word rapidly spread that two speakers—members of Salesforce's internal "red team"—had been fired by a senior executive from Salesforce "as they left the stage." Those two speakers, who presented under their Twitter handles, were Josh "FuzzyNop" Schwartz, Salesforce's director of offensive security, and John Cramb, a senior offensive security engineer.
Schwartz and Cramb were presenting the details of their tool, called Meatpistol. It's a "modular malware implant framework" similar in intent to the Metasploit toolkit used by many penetration testers, except that Meatpistol is not a library of common exploits, and it is not intended for penetration testing. The tool was anticipated to be released as open source at the time of the presentation, but Salesforce has held back the code.
[...] Schwartz had reportedly gotten prior approval to speak at Defcon from Salesforce management, and he was working toward getting approval to open-source Meatpistol (which is currently in a very rough "alpha" state but was at use internally at Salesforce). But at the last moment, Salesforce's management team had a change of heart, and it was trying to get the talk pulled. As ZDNet's Zach Whittaker reports, a Salesforce executive sent a text message to Schwartz and Cramb an hour before their scheduled talk, telling the pair not to announce the public release of the code.
[...] A Salesforce spokesperson contacted by Ars would not comment, stating, "We don't comment on matters involving individual employees."
Source: Ars Technica
Also at ZDNet and The Register
(Score: 0) by Anonymous Coward on Friday August 11 2017, @10:03PM (8 children)
The best part is they can't take Meatpistol with them! Because it's not open source!! Their lives' work is proprietary!!! So fucked they are!!!!
(Score: 0) by Anonymous Coward on Friday August 11 2017, @10:05PM (5 children)
rename it. I suggest 'JustTheShaft' :)
(Score: 0) by Anonymous Coward on Friday August 11 2017, @10:12PM (4 children)
Non-disclosure, non-compete, not allowed to remember trade secrets, any open-source code they write from now to eternity will be copyright infringement, and they will be sued into oblivion. They will have to leave the industry entirely, and only as soon as they die in the gutter will Saleforce be safe from the threat these former employees represent.
(Score: 2) by bob_super on Friday August 11 2017, @11:06PM
They just need to be based in CA, where it's extremely hard to enforce overreaching NDAs, when they prevent people from using their expertise to make a living.
I know that well, since someone tried to prevent my boss from starting a company that would compete with them, after laying him off.
(Score: 2) by c0lo on Friday August 11 2017, @11:28PM
A copyright covers only the form of expression, not the idea behind.
Any NDA - protecting trade secrets - that I signed had an expiration period (at max 3 years) or I would not have signed it.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RamiK on Friday August 11 2017, @11:35PM
I wonder how crazy one must need be to even consider trying to enforce non-compete clauses over ex red-team members. Like, you're firing your InfoSec people, and then you're denying them legitimate employment for the next 2-5years?
compiling...
(Score: 1) by khallow on Saturday August 12 2017, @01:54AM
And they'll eat his kids as they are born lest one, foretold by prophecy, grow up to overthrow the dominion of Salesforce. I liked that story too.
(Score: 2) by frojack on Saturday August 12 2017, @01:31AM (1 child)
Me: Fetching popcorn, waiting for the source code leak.
Likelyhood of these guys not having current copies tucked away on servers beyond reach seems vanishingly small.
That Salesforce has such hacking tools in active development can't be good for their image. (Other than their principal market is salesmen who we all know would never have a use for such things.)
No, you are mistaken. I've always had this sig.
(Score: 2) by kaszz on Saturday August 12 2017, @06:38AM
Doesn't matter if they have copies. It's the right to use the code or release it that will matter, unless they move to Russia..