posted by martyb on Friday August 11, @09:50PM
from the METASPLOIT-SPAMTOILET-MOISTPLATE-MEATPISTOL dept.

At Defcon in Las Vegas last month, word rapidly spread that two speakers—members of Salesforce's internal "red team"—had been fired by a senior executive from Salesforce "as they left the stage." Those two speakers, who presented under their Twitter handles, were Josh "FuzzyNop" Schwartz, Salesforce's director of offensive security, and John Cramb, a senior offensive security engineer.

Schwartz and Cramb were presenting the details of their tool, called Meatpistol. It's a "modular malware implant framework" similar in intent to the Metasploit toolkit used by many penetration testers, except that Meatpistol is not a library of common exploits, and it is not intended for penetration testing. The tool was anticipated to be released as open source at the time of the presentation, but Salesforce has held back the code.

[...] Schwartz had reportedly gotten prior approval to speak at Defcon from Salesforce management, and he was working toward getting approval to open-source Meatpistol (which is currently in a very rough "alpha" state but was in use internally at Salesforce). But at the last moment, Salesforce's management team had a change of heart, and it was trying to get the talk pulled. As ZDNet's Zack Whittaker reports, a Salesforce executive sent a text message to Schwartz and Cramb an hour before their scheduled talk, telling the pair not to announce the public release of the code.

[...] A Salesforce spokesperson contacted by Ars would not comment, stating, "We don't comment on matters involving individual employees."

Source: Ars Technica

Also at ZDNet and The Register


The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Funny) by Snotnose on Friday August 11, @09:53PM (2 children)

    by Snotnose (1623) on Friday August 11, @09:53PM (#552604)

    In fact, I suspect their biggest danger is if the pile of job offers collapses on them and breaks their necks.

    • (Score: 0) by Anonymous Coward on Friday August 11, @09:57PM (1 child)

      by Anonymous Coward on Friday August 11, @09:57PM (#552607)

      Well, yeah. They're not old like you. Like you keep saying, you don't get offers, old man. Youth is the only skill that matters, and you just didn't keep your youth up.

      • (Score: 0) by Anonymous Coward on Friday August 11, @10:32PM

        by Anonymous Coward on Friday August 11, @10:32PM (#552624)

        You're right. You should kill yourself now while you're still young, and avoid oldness.

  • (Score: -1, Flamebait) by Anonymous Coward on Friday August 11, @09:59PM

    by Anonymous Coward on Friday August 11, @09:59PM (#552608)

    Don't do anything for anyone ever. Absolutely everyone is an ungrateful nigger.

  • (Score: 0) by Anonymous Coward on Friday August 11, @10:03PM (8 children)

    by Anonymous Coward on Friday August 11, @10:03PM (#552610)

    The best part is they can't take Meatpistol with them! Because it's not open source!! Their lives' work is proprietary!!! So fucked they are!!!!

    • (Score: 0) by Anonymous Coward on Friday August 11, @10:05PM (5 children)

      by Anonymous Coward on Friday August 11, @10:05PM (#552612)

      rename it. I suggest 'JustTheShaft' :)

      • (Score: 0) by Anonymous Coward on Friday August 11, @10:12PM (4 children)

        by Anonymous Coward on Friday August 11, @10:12PM (#552615)

        Non-disclosure, non-compete, not allowed to remember trade secrets, any open-source code they write from now to eternity will be copyright infringement, and they will be sued into oblivion. They will have to leave the industry entirely, and only as soon as they die in the gutter will Salesforce be safe from the threat these former employees represent.

        • (Score: 2) by bob_super on Friday August 11, @11:06PM

          by bob_super (1357) on Friday August 11, @11:06PM (#552629)

          They just need to be based in CA, where it's extremely hard to enforce overreaching NDAs, when they prevent people from using their expertise to make a living.
          I know that well, since someone tried to prevent my boss from starting a company that would compete with them, after laying him off.

        • (Score: 2) by c0lo on Friday August 11, @11:28PM

          by c0lo (156) Subscriber Badge on Friday August 11, @11:28PM (#552634)

          any open-source code they write from now to eternity will be copyright infringement

          A copyright covers only the form of expression, not the idea behind.
          Any NDA - protecting trade secrets - that I signed had an expiration period (at max 3 years) or I would not have signed it.

        • (Score: 2) by RamiK on Friday August 11, @11:35PM

          by RamiK (1813) on Friday August 11, @11:35PM (#552635)

          I wonder how crazy one must be to even consider trying to enforce non-compete clauses over ex red-team members. Like, you're firing your InfoSec people, and then you're denying them legitimate employment for the next 2-5 years?

          --
          compiling...
        • (Score: 1) by khallow on Saturday August 12, @01:54AM

          by khallow (3766) Subscriber Badge on Saturday August 12, @01:54AM (#552689) Journal

          Non-disclosure, non-compete, not allowed to remember trade secrets, any open-source code they write from now to eternity will be copyright infringement, and they will be sued into oblivion. They will have to leave the industry entirely, and only as soon as they die in the gutter will Salesforce be safe from the threat these former employees represent.

          And they'll eat his kids as they are born lest one, foretold by prophecy, grow up to overthrow the dominion of Salesforce. I liked that story too.

    • (Score: 2) by frojack on Saturday August 12, @01:31AM (1 child)

      by frojack (1554) Subscriber Badge on Saturday August 12, @01:31AM (#552677) Journal

      Because it's not open source!!

      Me: Fetching popcorn, waiting for the source code leak.

      Likelihood of these guys not having current copies tucked away on servers beyond reach seems vanishingly small.

      That Salesforce has such hacking tools in active development can't be good for their image. (Other than their principal market is salesmen who we all know would never have a use for such things.)

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by kaszz on Saturday August 12, @06:38AM

        by kaszz (4211) on Saturday August 12, @06:38AM (#552774) Journal

        Doesn't matter if they have copies. It's the right to use the code or release it that will matter, unless they move to Russia..

  • (Score: 4, Insightful) by jmorris on Friday August 11, @11:26PM (3 children)

    by jmorris (4844) Subscriber Badge <jmorrisNO@SPAMbeau.org> on Friday August 11, @11:26PM (#552633)

    Just looking at the slides and think these retards escaped from AOL last week or something. About the only thing missing was some 133t speak or a cultural ref to Hackers or some crap. Why do all "hackers" have to project as retards? Makes the whole industry look bad.

    If they got canned for making Salesforce look like the kind of place that hires retards and risked scaring away serious customers it is understandable. But it only raises the question of whether anyone noticed they had total spazzed out 'tards working for them for years... and why not?

    • (Score: 4, Informative) by LoRdTAW on Friday August 11, @11:57PM

      by LoRdTAW (3755) Subscriber Badge on Friday August 11, @11:57PM (#552642)

      At first I thought you were doing your usual fly off the handle bit but then I had a look at the presentation. Holy shit is it bad. It comes off as a really bad attempt at humor laced with memes, video game and pop culture references. I am all for doing something different and attention grabbing or creative but this is just try hard fail.

    • (Score: 3, Informative) by captain normal on Saturday August 12, @04:47AM (1 child)

      by captain normal (2205) on Saturday August 12, @04:47AM (#552730)

      Wow...for once I find I agree with jmorris. How the H-E- double toothpicks did these guys ever get such a position at Salesforce? Then again I've actually known a couple of people hired by Salesforce. They were not the sharpest tacks in the box by any means.

      • (Score: 0) by Anonymous Coward on Saturday August 12, @08:35PM

        by Anonymous Coward on Saturday August 12, @08:35PM (#552955)

        When building such a massive system you don't want the best, you want those competent enough to do the work and unaware enough to not figure out all the nasty shit going on.

  • (Score: 1) by liberza on Saturday August 12, @01:17AM (1 child)

    by liberza (6137) on Saturday August 12, @01:17AM (#552668)

    I'd offer them a job based on the awesome name alone. Every time I see the word metasploit I'll be thinking of meat pistols now...

  • (Score: 2) by kaszz on Saturday August 12, @06:49AM

    by kaszz (4211) on Saturday August 12, @06:49AM (#552775) Journal

    Silicon Graphics, Inc had an employee named Dan that together with Wietse at IBM wrote the security scanner tool SATAN [wikipedia.org]. For which Dan was subsequently terminated.

    Not much SGI these days.. :P
