Forgot your password?
Security Businesses

Symantec Acquires @Stake 134

Posted by timothy
from the assimilation dept.
halligas writes "You may have noticed that last month McAfee acquired security firm Foundstone. Not to be outdone, McAfee rival Symantec has gone out a bought up their very own bunch of hackers, @Stake."
This discussion has been archived. No new comments can be posted.

Symantec Acquires @Stake

Comments Filter:
  • Sorry (Score:4, Funny)

    by Anonymous Coward on Friday September 17, 2004 @05:01PM (#10280350)
    Well, of course. Symantec has a lot at stake.
  • by Anonymous Coward on Friday September 17, 2004 @05:01PM (#10280352)
    Start your company/product with an @. First it was @Guard (today's Norton firewall), now it's @Stake. You could be next to cash in!
  • by E-Rock (84950) on Friday September 17, 2004 @05:02PM (#10280360) Homepage
    Anyone else shedding a tear at what l0pht heavy industries has become?
    • by joeflies (529536) on Friday September 17, 2004 @05:05PM (#10280386)
      they've found a way to legally make money hacking?
    • by Anonymous Coward
      Hummm... "Symantec L0phtcrack" Just doesn't have the same kind of ring, or trusability that it had before...
    • by juuri (7678)
      They started down this path the second the whole @stake thing came about. In reality while they would like to think they were different than klaus and ISS they were actually the same.


      But hey we all gotta pay the bills eventually.
      • by E-Rock (84950)
        I don't know. Working for Symantec seems dirtier than the whole @stake thing, but you're right this is the path they took when they merged/formed/got bought/whatever with @stake.

        As long as the cDC ninja strike [] force is still up I'll always keep my fond memories.
      • Re:No. (Score:5, Insightful)

        by networkBoy (774728) on Friday September 17, 2004 @05:56PM (#10280772) Homepage Journal

        I've got to disagree here. I think that the best thing a genuine hacker can do is to join into the industry as a position of influence. While a single individual has little influence preaching to the choir here on /. we [hacker community] do have power and influence once we enter the professional world. While we can not make single huge altruistic decisions that affect the world in a big way, we can steer our small portion of the world into the right direction, one little nudge at a time.

        Think of it this way: The Exploratorium in San Francisco is a museum dedicated to science (recommended visit if you are ever in the city). They have an exhibit where a one ton concrete pillar is suspended by a chain from an arched support. A steel band girdles the pillar. All around the exhibit is a handrail so you can not touch the pillar directly. There are many small/weak refrigerator magnets on strings at the handrail. The "object" is to effect a movement on the pillar using these weak magnets. It takes time and patience, but I've successfully made the pillar nearly hit the handrail (it's designed so the pillar will not reach the rail to prevent the real possibility of injury).

        We hackers in industry, @stake included, are those little magnets. Given time and direction we can achieve anything. For example I am nudging the division of my employer I work at to provide OSS drivers and code for the one product family I work with. The fear is that by OS'ing our drivers we'll allow competitors too much visibility into our product. My response was that we can release a binary and an OSS layer of source to interface that binary to the kernel. I've been gaining ground slowly, but I work in a very large company so change is slow. Eventually I hope to propagate this to other groups.

        • Dang, you may as well be a Hare Krishna trying to slowly convert everyone in your company. About as appropriate. What does this have to do with the goals of the organization? No wonder suits think us geeks have no business sense. We don't, we're too caught up in our kooky little invented pseudo-causes/religions. And then we bitch about our jobs going away. The foolhardy FOSS zealotry on here is self-destructive, and damages us all.
          • Actually I have plenty business sense. If my product is better supported than all of my competitors products then I'm likely to sell more. I work for a hardware company. The more chips we sell the bigger my profit sharing check is.
    • by Anonymous Coward on Friday September 17, 2004 @05:22PM (#10280528)
      @stake != l0pht

      l0pht is long over.
    • by spacerog (692065) <spacerog&spacerogue,net> on Friday September 17, 2004 @06:05PM (#10280841) Homepage Journal

      L0pht =! @Stake
      and is hasn't for a long time. I think there is only one original L0pht person left at @snake.

      It is unlikely any of the L0pht folks, or anyone not currently employed there will get anything out of this deal. All the money will most likely end up in the pockets of the VC. I know I don't get squat. (Anyone got a cool job they need filled? or even an uncool one?)

      No one at L0pht ever said we could shut down the Internet with "the push of a button". It was 30 minutes. Using a router reset vulnerability that would cascade and confuse the major backbone providers, which has since been patched.

      I tried to resurect HNN earlier this year but it seems no one was interested. or maybe I didn't advertise it well enough either way the traffic was abysml and I couldn't afford to keep it going. The WMA was taken over by Freaks Mac Archives long ago.

      I submitted this exact same story to /. about 12 hours ago and it was regected. Maybe becuase I wasn't too polite in my descriptions of certian companies. Hmmmm, sounds familiar.

      What has been most interesting is to see technology advance and realize that "Hey, L0pht thought of that 5 years ago." But due to lack of funds we could never make it happen. Of course after we got the money we no longer had control and can only sit back and watch as other people devloped our ideas. Sigh.

      - SR []

      • I'm sorry to see how things have gone.

        I remember enjoying your articles on HNN what seems like ages ago, but you're right--many such things seem to be falling by the wayside.

        I've long felt like @stake "sold out" (IIRC, it seemed like things went to crap just about when HNN stopped) and now I know why--they don't seem to have much of anyone left with a clue in control.

        Wish I knew how to help--I liked HNN. It was a lot more informative than almost anything published, and all the mailing lists are filling
      • I'm dying for a mature, pre-@stake-like HNN to return. Unfortunately, I must've missed the segments on Slashdot and CNN about Hacker Intel, so I didn't even have a chance to register my happiness.
      • Wish I had know you had tried to restart HNN. I read that for years (and contributed on a semi regular basis). HNN was far superior to /. at least IMHO.

        I miss it.
      • Back in the day I was addicted to HNN[*], and actually submitted stuff a fair bit. [You even used it occasionally. :)] If I had known that you were relaunching I would have been reading it.

    • Very sad to see what l0pht has turned into
    • No, I'm laughing.

      I wonder if Mudge will have to use his real name?

    • Yeah. They totally sold out to the man.
  • Outcomes ? (Score:5, Interesting)

    by SpamKu (809119) on Friday September 17, 2004 @05:03PM (#10280366)
    I wonder what effect this will have on the ability of either parent company to provide better security/AV protection. IMO, Symantec has a faster response to secrity threats.

    Will these aquisitions reinforce this mode for symantec or result in McAfee getting a bit better?
    • I wonder what effect this will have on the ability of either parent company to covertly create new viruses (and then be the first to provide protection) ?

      Oh come on, am I the only cynical one when it comes to antivirus vendors?
    • Re:Outcomes ? (Score:4, Insightful)

      by Martin Blank (154261) on Friday September 17, 2004 @05:47PM (#10280707) Journal
      Considering how dead @Stake has been since they changed their name (aside from a couple of minor tool releases [LC4 notwithstanding], some me-too advisories, and an attempt to launch a quarterly security magazine for WAY too much money), I don't think it will change anything other than a few bank accounts.
  • by Anonymous Coward on Friday September 17, 2004 @05:04PM (#10280370)
    So who is going to buy Cult of the Dead Cow?
  • by ARRRLovin (807926) on Friday September 17, 2004 @05:04PM (#10280373)
    .......from this Windows2000 box with Symantec LC5." Man.......that just sounds.....odd.
  • by Eberlin (570874) on Friday September 17, 2004 @05:06PM (#10280402) Homepage
    Wasn't @stake originally some other black-hat-ish l0pth or something? Next thing you know, virus/worm writers will start asking for employment at anti-virus/security firms. :)
  • by PreDefined (787636) on Friday September 17, 2004 @05:07PM (#10280409)
    It's been a while...

    I used to read HNN at school during lunch time.

    The change in direction to it being simply @Stake was already a early sign of its new approach to bring in a more conservative audience.
  • by Anonymous Coward
    Damn thing, Its been sat on my hard drive since sp1 arrived (it was an sp1 serial changing howto document, html format), the new definitions picked it up and cleaned it out.

    Detected as "Hack tool". First ever time my weekly scan has picked up anything :(

    Not that I'm annoyed or anything.
    • by Anonymous Coward
      this is why you should NEVER set a virus scanner to auto delete
      • I wonder how many people are now diving into nortons config to double check their settings?

        • I wonder how many people are, like me, mumbling something about Linux and snickering.

          *mmrrmmmrr* Linux *MMmmmrmrrmM*
          • For as long as users can access their machines there will be rouge trojans and virii.

            I doubt any operating system could stop it. If you put too many hoops into software for the sake of security, the user will look elsewhere.

            It won't be long now until Symantec or one of the other big players brings out a linux scanner and client. The novices will NEED something to watch over their shoulders.

            With geeks like ourselves, we can run securely and sensibly on any operating system and not fall into the silly tr
            • Things are exactly where they should be.

              The calm before the storm. I sense a reinstall coming.

            • You shouldn't. Just like I will alwyas run a windows box in addition to my linux box. For some tasks, I'm simply more productive in windows, and for some I'm more productive in linux.

              And now, I am about to be flamed and proably drawn and quartered... *douses self with kerosine and awaits the inevitable*
            • It has everything configured exactly as I want it, it runs everything I want it to run without complaint or prompting. I can download or buy whatever software I need for it. Things are exactly where they should be.

              I am productive on this machine.

              Food for thought: how long would it take you to go from a fresh install to that setup? Sure, you can make a comfy environment in just about anything if you're competent, but my criterion for choosing a distribution (or an OS) is: How much work is it to get from "

              • Approximately 2-3 hours to get in a code building, comfortable state (Possibly less now, last time was on a slower drive).

                All required applications are on, all accessories are ready, things are configured and look as I expect them.
                I am able to go on the internet and configure my system and user preferences after about 35 minutes, installers just run in the background.

                I have everything prepared, though in the last 3 years I have only rebuilt this machine once, and that was just OS partition.

                Once the main
  • by octaene (171858) <> on Friday September 17, 2004 @05:12PM (#10280444) Homepage

    Since they gave him the boot [] while licking Microsoft's arse cheeks...

    • by waspleg (316038) on Friday September 17, 2004 @05:42PM (#10280677) Journal
      An @stake official, who spoke on condition of anonymity, confirmed that Geer was fired and said that as a corporate officer he should have known that Microsoft was a client of the company. "It's not a matter of the content of the report; it's a matter of ethics and respect for clients," the official said.

      ethics and respect? ahahahah

  • @stake (Score:4, Insightful)

    by Paralizer (792155) on Friday September 17, 2004 @05:17PM (#10280489) Homepage
    IIRC, @Stake used to be the hacker group l0pht which claimed they were able to "shut down the internet with the tap of a button". It's interesting that Symantec has aquired this group, its a bit ironic.
    • Re:@stake (Score:2, Funny)

      by Anonymous Coward
      in other news: symantec plans to shut down internet!
    • Re:@stake (Score:3, Insightful)

      by EllF (205050)
      @stake was never the l0pht guys. The l0pht was the heart of @stake's R&D department, but there are many more people involved with that company than just the 10 or so guys who make up what's left of the hacker group. The whole "shut down the internet" thing was also part of a testimony to Congress, when they were discussing the lack of appropriate security for critical networks and systems. It wasn't just a Usenet boast. :)
    • They said they could take down the Internet in 30 minutes by confusing core routers with a now-outdated vulnerability.

      @stake sold out ages ago, after firing one of the last l0pht people because he put out a report critical of Microsoft, one of their clients...
  • l0pht0r (Score:4, Interesting)

    by Anonymous Coward on Friday September 17, 2004 @05:21PM (#10280520)
    I think the only thing with l0pht is, if they wanted to remain l0pht, they should have kept that aspect outside of work.

    I never understood how a 'hacker group' could merge with a legit company. The members of the group maybe, but MERGE a group with a company is alittle odd. In other words, l0pht should still be around, outside of @Stake. But i'm sure that would be a conflict of interest...or something like that.

    I reality, l0pht was cool, but there was plenty of other stuff out there and good for them for cashing in. All everyone seems to want to do is call them sellouts because they did something innovative and got paid for it, instead of sitting behind a desk as a sysadmin for the rest of their lives doing jack shit complaining about everyone in their league who went on a limb and took a real chance. Good for the old l0pht crew.

    • l0pht had to recognize that they had some seriously marketable skills and that they required a complete makeover to become salable to the corporate crowd.

      I remember that I was in the habit of creeping around the archives in the old l0pht site (something about the notebooks of aleister crowley). One day I go to and I'm re-directed to

      It was pretty fascinating how they had lined up all sorts of phd's and illuminaries to dress up their organization. There was still something of a link
  • by AkaiTora1337 (814433) on Friday September 17, 2004 @05:24PM (#10280538)
    McAfee rival Symantec has gone out a bought up their very own bunch of hackers, @Stake.

    What in the world does it mean to have "gone out a bought up" something?
    • My brain autocorrected the "a" with "and".
    • by Anonymous Coward
      Have you heard of "Internet", where dumb southerners have just as much power to post stories as their northern-counterparts?
    • That's a typo. I believe they meant:
      McAfee rival Symantec has gone out and bought up their very own bunch of hackers, @Stake.
      instead of:
      McAfee rival Symantec has gone out a bought up their very own bunch of hackers, @Stake.

      What a dumbass.
  • of what they bought will be a piece of crap, like they did with AtGuard (now symantec firewall)...

    Why keep it simple, if they can make buggy and obfuscated?

  • Hmm (Score:2, Interesting)

    by methodic (253493)
    I think hindsignt will be 20/20 for the l0pht guys -- usually with big business comes big politicking. At least as a smaller entity, they were able to do things their way. Things never stay the same when getting acquired by a larger company. Anyone who has had it happen to them, Im sure can attest. In 99% of all buy-out's, things turn for the worst.
    • I suppose we could ask the Ximian folks how the Novell/Suse/Ximian family is working out.

      In a somewhat-related note, are any of l0pth's stuff open source? I think I tried looking through for l0pthcrack or something to see if it was GPLed but didn't dig far enough.

      The more I see these acquisitions happening, the more I'm appreciating the concept of the GPL.
      • Re:Hmm (Score:2, Interesting)

        by methodic (253493)
        Well open-source arena is kind of a different ball-game -- with the l0pht acquisition, you're talking about hacking and security, which is a very sensitive arena nowadays....

        I remember working at a "Security" shop (that were recently acquired by Verisign), and at my time there I found numerous holes in software we used in house. Now, I'm all about full-disclosure and such, and so I had prepared a few advisories on these softwares, only to have my manager tell me it would be "bad for everyone" if I had rele
        • Office politics has never been one of my favorite things. To sacrifice product quality for "looking bad" is all too common in the biz world and it makes me cringe. To be put in the spot you were in must have been incredibly stressful -- ethics on one side and survival on the other.

          Putting l0pth in the OSS arena was a long shot on my part, but I figured there are security/AV tools out there that are in the OSS world. Clam AV, Nessus, Nmap, Snort, to name a few. Open the product, sell services...the busi
    • Re:Hmm (Score:4, Interesting)

      by EllF (205050) <kevin.thehipgamer@com> on Friday September 17, 2004 @05:53PM (#10280743) Homepage
      However, @stake has been 'big business' for a long time. I worked there in 2000, and they were just topping the 400-person mark when I left, spread across 2 continents.

      They also let a lot of "non-business-compatible" people go; Space Rogue for not toeing the line with the rest of the l0pht guys, Daniel Greer for openly criticizing Microsoft in a paper he published on his own time, etc.

      • I think it's dubious you worked there - @stake is around 120 people, and has been for some time, and it's Dan Geer, not Greer.

        • by EllF (205050)

          The Greer/Geer was a typo. As far as the size, I may have been misinformed; Chris was still the CEO when I left, and I was chatting about the organizational size with one of the guys who was heading out to London. It could well have been a discussion regarding how large he -thought- the company was going to become.

          Oh, and say hello to Halsey for me.

  • Gee, maybe they'll hire me now. Nice offices. Small, but nite. Kendall is really the place I'd like to work.
  • by JamesP (688957)
    It's sad when a bunch of hackers goes the Way of the Tie...

    Godspeed, fellas...

    (sorry, had to say it)
  • Quibble (Score:1, Interesting)

    by Anonymous Coward
    aCquire not aquire
  • Good and bad (Score:4, Interesting)

    by endus (698588) on Friday September 17, 2004 @05:47PM (#10280710)
    As far as the l0pht, good for them. Being broke all the time sucks. If you can make money and still maintain a level of integrity...i.e. walk the line between the corporate world and the world where people have integrity, and keep both feet on the integrity side, then as far as I'm concerned you're doing pretty well. From what I knew @Stake was doing that (and charging some serious fees...good for them!)

    The bad though is @Stake being bought by Smantec. That is *not* a good thing. As I said, @Stake seemed to have some itegrity and Symantec...well they have *some* integrity, but not as much as they probably should. I don't see why @Stake couldn't/shouldn't continue on it's own. I think there's a line where the decision is whether to cash in or to preserve the company, and I think they crossed it. @Stake seemed to be a somewhat unique company and it seems like that is going to be lost in this. I guess we'll see.
    • Re:Good and bad (Score:3, Insightful)

      by anubi (640541)
      They just bought the company name.

      Whether or not they can use the actual knowledge of the people who made up that company is yet to be seen.

      It has just been in my experience that often when a larger company takes over a smaller one, often management egos and power interfere with creativity and the first ones to leave are the creative genius that made the company mean something in the first place.

      In my career, I have seen this happen dozens of times. It happened at two places I personally worked. When t

      • Re:Good and bad (Score:2, Insightful)

        by Code Dark (709837)
        You seem to think that they are doing this with integrity in mind. Although I agree that @Stake is a good, integrity-filled organization (at the moment, anyway), but that doesn't necessarily have to change with Symantec taking them over. Also, remember that they aren't doing this for fame, honor, anything; they're doing this for money.
      • by xeno (2667)
        Just to clarify, no.

        Reading from the paperwork that I can discuss, the current plans indicate that @stake will cease to exist as a named entity on Oct 7, and become part of Symantec Security Services. They did not "buy the name" in the traditional sense, which is kind of odd, given their co-branding success with Norton.

    • by Trillan (597339)

      Integrity? Are we talking about the same @stake here? The ones with a long-standing habit of informing developers of security issues by going to the media and hoping that the developers happen to read one of the articles? That @stake?

      They'll fit in perfectly at Symantec.

  • by EightBits (61345)
    You know, I have heard so many conspiracy theories about anti-virus companys. You know, the old capitalist world domination arguments like, "They write half the viruses out there and have the antidote waiting so you have to buy their product."

    While I never really jump into those and at the same time never really discount them, the first thing I thought when I read this was, "What an efficient way to write better viruses." I'm not pointing fingers or trying to start rumors. Just sharing a thought . . . t
  • many great companies been aquired and... well.. you decide how their products have faired under norton. ourceid=firefox&start=0&start=0&ie=utf-8&oe=ut f-8 []

    I wasn't happy when ghost was bought out, same with quarterdeck- looking back i'm still not happy about it.

    @stake-- best of luck to you.
  • As far as I know, all of the members of L0pht have long ago left @Stake, with the possible exception of Chris Wysopal (Weld Pond).
  • Since Microsoft has vowed to incorporate anti-virus software into coming versions of Windows, does it make sense for current anti-virus vendors to bet the future on that type of product?

    On the one hand, this seems like a rehash of Microsoft incorporating IE (ay-eee!) into the OS for free, scuttling (so it seemed) Netscape. On the other hand, maybe Microsoft's anti-virus efforts will be as ham-fisted as their security efforts.

    But I don't think so. I think that top-to-bottom security is a mind-bogglingly co

  • Okay, Ive had discussions with the @stake folks before [], I'm glad they finally cashed out. Please note that my email is roughly the same in this discussion from back in 1998. [] (see above). They never really had the knack for security then, who knows what they do now.

Live within your income, even if you have to borrow to do so. -- Josh Billings