lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: simon at snosoft.com (-SIMON-)
Subject: Blackout responsibility?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John,
    Unfortunatley ignorance is bliss and at the same time it is our 
number one vulnerability. The power plant "company officials" will keep 
the real incident a secret as that is in their best interest and our 
best interest.  It is obvious that IF someone is directly responsible 
for this incident then they already know the secret. Disclosure of the 
incident should not happen until the "compay officials" make sure that 
it can not happen again and is patched or repaired. Once the fix is in 
place, disclosure could happen without posing any further risk to our 
country... but will probably not happen for various political and 
business reasons. Don't forget, we live in a capaitalist world and it 
hurts less to say we had a system failure than to say we got hacked.

This just goes to show, a good security audit and plan will almost 
always cost less than a compromise.

- -simon



John Sec wrote:

> ....and if blaster actually *did* have something to do with the 
> blackout, what are the chances that the company officials will give 
> the real reason?  i mean, they would be lucky that a relatively benign 
> worm got to their systems.  it could have been far worse.
>
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online  
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/QO2wf3Elv1PhzXgRAvwRAJ4sAPjhbIKfQpbUPPszOZ6Rykp6bACdEQvK
1RTYoRNM2obdqpTnqcrEByw=
=IBcN
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ