http://www.businessweek.com/technology/content/oct2005/tc20051025_346219.htm
By Arik Hesseldahl
Young Entrepreneurs of Tech
OCTOBER 25, 2005
For many technically talented teens, computer hacking brings about a
first brush with law enforcement. For Ejovi Nuwere, it was a ticket
out of the poverty-ridden, sometimes violent streets of New York's
Bedford-Stuyvesant neighborhood.
What started as a hobby at the age of 15 led in time to a computer
security job with Lehman Brothers, and later with @Stake, the fabled
security consulting firm that grew out of L0pht Heavy Industries, the
Boston-based hackers collective, now a unit of Symantec (SYMC ).
BOOK DEAL. The story of how he got from the streets of Bed-Stuy to
working the edge of the computer-security world formed the basis of an
autobiography he published in 2001 entitled Hacker Cracker with
HarperCollins.
The book, like so many other things in his life, happened
unexpectedly. "I was working for a startup company, and they couldn't
afford to pay me any cash," he says. "It was run by a husband and wife
team, and one was a former book editor, and the other was a food
writer, and so they had contacts in the publishing business. They made
one phone call, and two weeks later I had a book deal."
Now the hacker who escaped from the streets has started his own
outfit. As many companies ditch their old circuit-switched phone
systems in favor of less expensive Internet-based telephony, Nuwere's
SecurityLabs Technologies is dedicated to helping them make sure those
calls are secure.
POORLY WRITTEN. Nuwere started the firm as a one-man shop with
$10,000 in cash and took on some credit-card debt. First came
consulting work, with five companies. "I spun the money from
consulting into product development," he says. Now the company has
grown to three people, with three companies interested in its
software.
The problems related to VoIP (voice over Internet protocol) aren't as
simple as they at first appear, Nuwere says. Sure, there are concerns
about spam and call interception, but the VoIP programs themselves can
also be hacked.
Those applications, he says, sometimes have the same holes that have
plagued other programs in the past. In one case, he showed how poorly
written software code in a VoIP application can allow a hacker to take
over a desktop PC -- a bug previously found in programs like instant
messaging.
MAD RUSH. "There are a lot of fundamental security flaws in the way
many of these applications are written," he says. "There's a mad rush
among companies to deploy VoIP and make it work, and I can't fault
them for that. But no one is looking at the software for security.
Well, hackers are. I think in the next six months to a year we'll see
a lot more vulnerabilities being publicized."
Initially his product will be software installed on a network
appliance that companies will install on their internal networks. But
eventually, Nuwere plans to convert to an application service provider
model -- in which customers rent software that runs on the vendor's
servers -- somewhat like what Salesforce.com (CRM ) does.
"We'll market it like an ASP, and that will eliminate the need for
hiring additional personnel to monitor security of VoIP calls," he
says. "We'll deliver updates for the latest security threats in real
time and make the job of the chief security officer easy." Spoken like
a true entrepreneur.
_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
