Salesforce sacks two top security engineers for their DEF CON talk

Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month.

Josh Schwartz, director of offensive security, and John Cramb, a senior offensive security engineer based in Australia, were sacked by a senior Salesforce executive minutes after giving a talk at the hacking conference, according to our sources familiar with the matter.

The duo were warned in a message from a manager, sent half an hour before the start of their presentation, not to go on stage. Schwartz and Cramb didn’t see the text in time, gave their talk, and were told shortly afterward that they no longer worked at Salesforce.

The presentation centered on an internal project called MEATPISTOL, which was described as “a modular malware framework for implant creation, infrastructure automation, and shell interaction.” It’s similar to the popular penetration-testing tool Metasploit; that MEATPISTOL is an anagram of Metasploit is no coincidence.

The plan was to open-source MEATPISTOL, although this move was resisted by bosses and lawyers at Salesforce at virtually the last minute despite being signed off earlier this year.

Source: The Register