Paul 'Tony' Watson Interviewed 77
An anonymous reader writes "Whitedust is running an interview with Paul Watson. Watson, who discovered a flaw in TCP/IP that could allow attackers to reset connections last year, made a splash with the media. He talks about how he got his start in computer security, as part of the early warez scene, his work in the Air Force and the US Government, and his current projects. He is now working at the leading search engine in the world, Google."
Geek Orgasm (Score:5, Insightful)
The government's hiring practices hurt security (Score:5, Insightful)
Our government will put people getting $50-$60K into a jet that costs $2B to build and that can carry very large nuclear payloads. They nearly crippled our navy's ability to wage war on other naval power through the SmartShip program, all because they wanted to save on the cost of a sysadmin's salary.
I'm a libertarian by persuasion and I want the government buying the very best and being competitive in its core competencies. I want them to hire the best and brightest, and pay them accordingly because it's cheaper to pay someone an above fair market wage to get the best talent than to have someone do billions of damage to your country's networks. Saving money should be secondary to the government getting everything it needs to carry out its core missions.
Someone who brings a tremendous wealth of networking experience should be elligible for a six digit salary starting out, just as they would in the private sector. I have no problem paying someone who's extremely good at computer security several hundred thousand dollars to do federal network security because as I said, it's cheaper to pay for good people who'll get the job done right.
We also need fewer regulations that protect job security. People who don't do jack shit for the public should be kicked to the curb even faster than they would in the private sector.
Re:Geek Orgasm (Score:3, Insightful)
Re:Geek Orgasm (Score:3, Insightful)
Yes, they do. Most if not all are amazing. But do they produce profit for Google? Not very many. Google stock is over-priced, and there will be an adjustment when people start to scale down their expectations to realistic levels.
Re:Discovered? (Score:4, Insightful)
Re:Discovered? (Score:5, Insightful)
It really has bugged me, in the past, that all the popular operating systems assign outgoing ports sequentially. This especially causes problems with net-booted systems, because if the system gets interrupted part-way into the initial network transfer, the routers get really confused because on retry, all the source port and sequence numbers are the same! I've had problems with this before (I design software for embedded systems), and I think this is when I first "discovered", like this guy did, how relatively easy it is to perform TCP RST attacks under some circumstances.
Re:Geek Orgasm (Score:3, Insightful)
They don't need very many. They are already super-profitable.
"Google stock is over-priced, and there will be an adjustment when people start to scale down their expectations to realistic levels."
No question about that. However, this is not the fault of Google, but of the market. This is like RedHat. They have _always_ been a solid company. They have not always been a good stock, but that has nothing to do with their performance as a company, but with the market being stupid.