Feeds

Panda did not hire VXer

Chinese whispers whack facts on Fujacks black hat

Seven Steps to Software Security

Panda Security has reaffirmed its policy of not hiring hackers following incorrect reports that it had hired a infamous Chinese virus writer.

Li Jun, author of the Fujacks worm, "found a job with Panda following his recent release from prison", according to local reports. Not so, according to Panda Security chief exec Juan Santana, who explained that the confusion had arisen because Li had gotten a job with a local software distributor.

"[Li] does not work for Panda Security, and has never worked for Panda Security, either as an employee or as a consultant," Santana explained in a blog post. "We believe the confusion arises from a marketing initiative by a distributor of Panda China where Mr Li was involved. We have a policy whereby we do not and will not hire black-hat hackers and certainly not previously convicted hackers."

Panda was quick to reject attempts by local suspects in the Mariposa botnet case to get themselves hired by the Spanish security software firm, a development that had made the (incorrect) reports that it had hired the author of the Fujacks worm all the more surprising. Anti-virus firms are regularly accused, mostly in jest, of writing virus code themselves or hiring hackers to do it for them.

The truth is that the bad guys are producing more than enough malware variants to keep everyone busy. In addition, the skills that might be needed to write a virus are very different from the knowledge needed to reverse-engineer malware samples and produce an antidote.

Convicted virus authors ought to be allowed a chance at rehabilitation but finding work at an anti-virus firm is certainly not in the supplier's best interests especially since such a firm would generate tons of negative publicity, as a post by net security firm Sophos explains.

Most security software firms – even those outside anti-virus – are similarly not keen on the idea of hiring convicted cybercriminals while been more open to the idea of hiring more ethical white-hat hackers. Even hiring ethical hackers and hobbyists sometimes turns out badly, however.

Chris Soghoian earned notoriety by developing software that allowed users to print fake boarding passes for Northwest Airlines back in 2006, before later creating a map of where tubes of sexual lubricant Astroglide were shipped online – using data supplied by its manufacturer, Biofilm. Soghoian completed the latter exercise to illustrate a privacy concern. Although the exercise failed to result in any prosecution, it did result in a job offer from US consumer watchdog the Federal Trade Commission last year, which Soghoian accepted.

But there were culture clashes from the first day, with Soghoian refusing to submit to a fingerprint scan or complete a background check request. He also strayed from the corporate line by secretly taping Sprint executives talking about handing over customer GPS data at an industry-only conference.

Unsurprisingly, Soghoian's contract has not been renewed, as Forbes reports in greater depth here. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.