Slash Boxes

SoylentNews is people

posted by martyb on Tuesday September 12 2017, @12:38PM   Printer-friendly
from the security-suggestions-are-cheaper-than-implementations-will-they-pay? dept.

HP Inc. has hired some "white hat superstars":

A trio of security researcher superstars -- including a one-time legendary teen hacker known as "Mafiaboy" who brought down some of the most popular sites on the internet, and a medical researcher who exposed a security hole that led to the recall of a half-million pacemakers -- are joining an HP Security Advisory Board aimed at making advances in the war against hackers.

HP announced the new panel of white hat security superstars at the start of its Reinvent worldwide partner conference Monday as part of its ongoing effort to deliver what it calls the most secure PCs and printers on the market. The members of the new board are chartered with providing "strategic input to HP's leadership team and security experts.

The three security superstars, who will receive honorariums for their service, include:

Michael Calce, who received the moniker "Mafiaboy" when as a 15-year-old in 2000 he shut down eBay, Yahoo and ETrade and others with a series of attacks. Calce – the chairman of the HP Security Advisory Board -- is now a white hat hacker who does penetration testing for companies.

Justine Bone, CEO of MedSec, whose firm exposed a security hole that led to the recall just last month by the U.S Food and Drug Administration of 496,000 pacemakers from Abbott, which has issued a firmware update. Bone is a controversial figure given her decision to proactively expose medical threats.

Robert Masse, who has been helping businesses stop security breaches as a strategic consultant for 20 years. Masse – who owned his own security consulting business – has agreed to donate his honorarium to charity and is participating separately from his duties as a partner for Deloitte Canada.

[...] The board is not a symbolic gesture but rather a real-world panel to help HP create more secure products, said Calce. "There is no smoke and mirrors here," he said. "The members I assembled are to offer the best advice and input that we possibly can for HP to really develop the most secure products that will impact the world and negate what is going on in terms of hacking worldwide."

Will this HP Security Advisory Board reinvent corporate computer security?

This isn't MafiaBoy's first involvement with HP. Previous articles.

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by Gaaark on Tuesday September 12 2017, @12:54PM

    by Gaaark (41) Subscriber Badge on Tuesday September 12 2017, @12:54PM (#566705) Homepage Journal

    Will anyone listen?
    If what they suggest for security is expensive, will HP push it?

    Dollars talk an awful lot and LOUDLY. They also shit on people and good ideas.

    "The three security superstars, who will receive honorariums for their service, include:"
    ---says a lot right there: we are not hiring them. We will only get advice from them and, well, ....... we'll see, won't we.

    --- That's not flying: that's... falling... with more luck than I have. ---
  • (Score: 2, Insightful) by Anonymous Coward on Tuesday September 12 2017, @01:20PM

    by Anonymous Coward on Tuesday September 12 2017, @01:20PM (#566711)

    I'm wondering how HP employees feel about this. Seems to me that it would be a morale killer -- after all, the ethical programmers within HP have probably been (for the most part) trying to do a good job while having to deal with the usual MBA bs...cutting budgets and lowering priority for anything that keeps the product from shipping. This would never have been a problem in the old HP, the company that built rock solid test equipment--those managers understood what it took to make a quality product.

    And now some outsiders are going to get all the glory for saying the obvious.

    If this new "Security Advisory Board" really wants to improve things, they will start by interviewing hard working lower level programmers. Find out first hand about the management changes needed to improve their ability to get things right the first time. But it's too late for this, for the current HP culture (imh AC o).

  • (Score: 2) by The Mighty Buzzard on Tuesday September 12 2017, @01:37PM (1 child)

    Fuck stardom. I want paid.

    My preferred pronouns are wetback/faggot/cunt. Your move.
    • (Score: 0) by Anonymous Coward on Tuesday September 12 2017, @05:30PM

      by Anonymous Coward on Tuesday September 12 2017, @05:30PM (#566863)

      Fuck your money. Pay me basic income.

  • (Score: 2) by Azuma Hazuki on Tuesday September 12 2017, @04:33PM

    by Azuma Hazuki (5086) Subscriber Badge on Tuesday September 12 2017, @04:33PM (#566818) Journal

    I guaran-damn-tee you most of the security issues would be fixed, or never have come up in the first place, if management would get the ever-loving hell out of the programmers' and engineers' way and let them do their jobs. There is something grimly amusing about management screwing up their tech peoples' workflow, preventing them from doing their jobs effectively, and then wondering why they're having problems...and then, as the dingleberry cherry on the turdpile sundae, *calling in external contractors* to fix it.

    It's a shame extroverts get so much social currency in this country.

    I am "that girl" your mother warned you about...
  • (Score: 3, Insightful) by crafoo on Tuesday September 12 2017, @10:19PM

    by crafoo (6639) on Tuesday September 12 2017, @10:19PM (#566987)

    I guess that's one way of admitting that HP has previously purged all of their technical know-how and now need to rebuild from the ground up.

    Real security probably comes from some seriously grueling trench work. What it probably takes is day-in, day-out attention to detail, fuzzing your own software, and checking over hot-spots with analysis tools. Of course some people with knowledge of good architecture design in terms of security would be good too. But I'm sure they were all let go when HP became a printer cartridge manufacturing company.

  • (Score: 0) by Anonymous Coward on Wednesday September 13 2017, @01:06PM (1 child)

    by Anonymous Coward on Wednesday September 13 2017, @01:06PM (#567202)

    maybe if HP would stop using that car that is sprayed in DMCA-grey color that has a engine welded shut inside a cast iron box
    with a sticker that sayz "no source-code available (unless government requested)" and randomly demands and pulls over for oil-changes whilst taking some insulin
    deprived person to the hospital ... superstars can make a difference?

    else it's like training dolphins to save drowning people .. in the desert?

    • (Score: 0) by Anonymous Coward on Wednesday September 13 2017, @01:10PM

      by Anonymous Coward on Wednesday September 13 2017, @01:10PM (#567203)

      no, no. all wrong printers will be safe and secure once the printer-driver package blows past the 500 MB downloaded size .. in zipped format!