Salesforce Fires Red Team Staffers Who Gave Defcon Talk (zdnet.com)
Date: 2017-08-10
Josh Schwartz, Salesforce's director of offensive security, and John Cramb, a senior offensive security engineer, have been fired by the company after they gave a talk at the Defcon security conference in Las Vegas last month, reports ZDNet. Schwartz and Cramb were presenting the details of their tool, called Meatpistol, a "modular malware implant framework (PDF)" similar in intent to the Metasploit toolkit used by many penetration testers. The tool, "pitched as taking 'the boring work' out of pen-testing to make red teams, including at Salesforce, more efficient and effective", was anticipated to be released as open source at the time of the presentation, but Salesforce has held back the code. From the report: [...] The two were fired "as soon as they got off stage" by a senior Salesforce executive, according to one of several people who witnessed the firing and offered their accounts. The unnamed Salesforce executive is said to have sent a text message to the duo half an hour before they were expected on stage to not give the talk, but the message wasn't seen until after the talk had ended. The talk had been months in the making. Salesforce executives were first made aware of the project in a February meeting, and they had signed off on the project, according to one person with knowledge of the meeting. The tool was expected to be released later as an open-source project, allowing other red teams to use the project in their own companies. But in another text message seen by Schwartz and Cramb an hour before their talk, the same Salesforce executive told the speakers that they should not announce the public release of the code, despite a publicized and widely anticipated release. Later, on stage, Schwartz told attendees that he would fight to get the tool published.
Run up the mini bar bill and bill some table time as well. They don't work there any more, so TS!
So are you suggesting they waste their own money (now that they are jobless), or that they commit fraud and wind up arrested in addition to being jobless?
What I don't understand is why I'm asked to give 2 weeks notice when I quit, while companies will never tell you until 5 minutes before they escort you out. Fuck that.
Well, at least around here, if I give them two weeks notice, then I'll give them two weeks of my time.
If they lay me off, they will give me 6 months of pay.
I don't mind being kicked out of the building, I care about my pay.
If the guy is a director level employee, I wager he has an employment services contract and is therefore not at-will. On a side note, a bunch of lawyers are going to get richer off this.
Unrealistic expectations (Score:5, Insightful)
The unnamed Salesforce executive is said to have sent a text message to the duo half an hour before they were expected on stage to not give the talk, but the message wasn't seen until after the talk had ended.
Of course it wasn't seen. You don't carry anything electronic at Defcon. That executive is an idiot.
That executive is an idiot.
Aren't they all?
Of course not, they have mad visionary skills, they gots the gap performance evaluations and the stretch goals. You are all not l33t compared to them. You are too stupid to get it.
Of course it wasn't seen. You don't carry anything electronic at Defcon. That executive is an idiot.
Agreed. Signing off on it by the executive is fait accompli. Withdrawing permission the day of a conference is Not an option. The executive should be fired. Josh Schwartz and John Cramb should be reinstated AND publicly apologized to, AND each awarded a huge bonus for that bullshit.
Also, for some reason Meatpistol sounds like a good name for a metal album, or maybe even the band.
We have a band that covers this... GWAR.
Shitting on everyone at defcon and then firing your lead security engineers.
Unlikely. The summary said it was expected to be released as open source.
Most likely, they knew there was a political battle over open sourcing, and they were pushing for it.
It sounds like the release was green-lighted before management changed their minds.
And yeah, waiting until the last minute to tell them was very stupid. Who the hell is going to take a phone to Defcon? At least, not without pulling the battery first. Certainly not your senior security personnel.
It said 'later on stage', so they might have learned after the fact and decided to fight then.
Of course, it's hard to imagine they would be completely oblivious to what was likely a controversial discussion...
Since TFS states, "Later, on stage, Schwartz told attendees that he would fight to get the tool published.", clearly you need to work on your reading comprehension.
What?! The executive is 12?!?!
If I had an important message to give someone I'd get them on the phone - talking - or see them in person.
What an idiot!
Maybe they wanted a time-stamped, written record.
