Does my book do more harm than good?
The first time I discussed writing a book about the shortcomings of computer security with one of my bosses, we were having lunch in a Chinese restaurant eating won ton soup. After describing the book’s contents, a look of concern washed over his face.
“Are you sure writing a book is a good idea?” he questioned.
“What do you mean?” I asked.
“Some of what you know is very dangerous in the wrong hands.”
I paused for a moment to think about what he said. “What do you mean by dangerous in the wrong hands? Hackers already know a lot of this information.”
“No,” he said shaking his head, “not all hackers know what you know and on top of that, you’re telling them how and why it’s possible to avoid detection. Don’t you see a problem with that?”
“That’s definitely an issue, but don’t you think it’s a bigger issue that people don’t know the truth? Don’t you think people need to know that all of this computer security we rely on only works against amateurs?”
My boss put down his chopsticks and spoon, wiped his mouth and mustache with his napkin and placed the napkin beside his bowl. “Just be careful what you write [ Mister Reiner ],” he said with a stern look. “You don’t want to be responsible for creating an army of super hackers.”
Bill Mullins has an interesting post on his blog that brought back the memory of this lunch with my boss. I’m siding with Bill of course. It’s ridiculous for someone to suggest that Bill is part of the malware problem.