User:Tan10453

Karl Kasper (better known as Tan or John Tan) is a former member of the hacker think tank the L0pht and a co-founder of @stake.

Education
In 1993, Tan earned a B.S./B.A. in Management Science from the Northeastern University, Boston School of Business. His concentration was Management Information Systems.

L0pht
In 1996, Tan joined the L0pht, a hacker think-tank and hang-spot for many of the computer security elite. As a resident at the L0pht, Tan published an advisory on Novell Netware 3.x, one of the first of the L0pht's full disclosure security advisories dating back to 1996. Tan also organized the L0pht as a business (an S-corporation) which grew from 1997 through 1999 and was eventually merged with @stake.

While with the L0pht, Tan published two major white papers. The first, Cyber UL, was a widely cited paper characterized as a "no holds barred look at what's wrong with software and professional security certifications" (1999). The paper demonstrates a conflict of interest between those funding the certification process and those performing it, and shows how the insurance industry may be the only credible funder that comes to mind (Underwriters Laboratories). Tan's second white paper, "Online Banking: Everyone's a @#$%Z^&* Expert", compares face-to-face, automated teller machine and online banking transactions, demonstrating an architectural problem with the online model (trusting home PCs). Written in 1999, it serves as a precursor to the spirit going into the original 2005 FDIC/FFIEC Guidance on Authentication for Internet Banking. Unfortunately, push-back from the financial industry led to unclear guidelines, giving rise to a new breed of snake oil in the multi-factor authentication (two-factor authentication) space.

In 1998, Tan testified, with 6 other L0pht members, before the U.S. Senate Committee on Government Affairs. As a member of the L0pht, he also spoke at the SANS Institute, at Northeastern University's chapter of the Association for Computing Machinery, at Boston College for Professor Gallaugher and elsewhere.

@stake
In 2000, the L0pht joined Dan Geer, Forrester Research analyst Ted Julian, and a cast of consulting industry types to launch @stake. Tan's role with @stake brought his next major white paper, Forensic Readiness, in @stake's Secure Business Quarterly. Tan also played the lead technical role for a number of cyber investigations, the most notable and public of which was The US v. R Duronio (computer fraud case studies). The incident involved the sabotage of over 1000 Sun Micro (Solaris Operating System) and IBM (IBM AIX operating system) systems across the country and caused millions in damages. Under Tan's technical leadership, the @stake team was able to identify a perpetrator and produce enough evidence for the initial search warrant. From there, Tan's "Findings for Evaluation as Evidence" report was used by the Assistant United States Attorney, along with financial records and witness accounts, to produce a 2002 indictment, a 2006 guilty verdict, an 8-year sentence, and over a million dollars in fines against a defendant who pulled out every defense in the book, including attacks on the evidence and on those involved in the investigation, including (but not limited to) Tan himself. The evidence (both digital and other) held solid and sets a number of important precedents for the use of digital evidence in court.

While with @stake, Tan presented at the Black Hat Briefings, CANSECWEST, the M.I.T. Summer Security Camp and many other venues. He left @stake in Q2 of 2003.

Current
Independently, Tan made an uncredited appearance in the 2004 Hamptons International Film Festival selection, Votergate (IMDB title ID tt0435771), speaking out against the quality of the Diebold Election Systems source code from a security standpoint.

John Tan has since returned to the financial services industry, where he has 12 years' experience in information technology and computer security positions, playing a private role outside of the spotlight.