From: dufresne at winternet.com (Ron DuFresne)
Subject: NASA.GOV SQL Injections

On Fri, 17 Oct 2003, Jonathan A. Zdziarski wrote:

> > No offense meant to the fine IT people at NASA, but do you seriously
> > believe that the one-percenters are securing the network?  As opposed to
> > say, figuring out how to land a rover on Mars, how to keep astronauts
> > alive in space, how to overcome the long-term negative effects of zero
> > gravity, etc., etc.???
>
> Maybe I'm not as familiar with NASA as others might be, but I would
> think NASA would try and hire the most gifted IT people they could find
> (e.g. the cream of the crop).  Since I've never run into one, I can't
> prove this theory - I suppose it's possible they're all morons...but if
> I had the resources NASA has, there wouldn't be any idiots working for
> me.
>
> I wonder if their janitors require security clearance just to work
> there...if that's the case their IT people are most likely l33t.
>

Of course, one might think the same thing about the FED gov and the
various states govs.  Until one looks at pay rates, and how they compare
to the private sector.  And that pays little or no mind to the POLITICS in
such places.  One does not merely work in a gov related setting, one HAS
to play a political tightrope walk, with less the proportional pay that
private sector jobs provide.  Thus, when the OSB and GAO audits and their
released findings that make it into the headlines and before congress now
and then come as no surprise.  I did an interesting article on the state
of cyber security a year or so ago mentioning some of this for TISC
Insight Newsletter, and a copy can be found at
http://sysinfo.com/sec-state.html.

Course, if anyone would like to hear the real nightmares of gov related
work and the political BS that prevents real work from getting
accomplished, I'll be happy to talk offline/offrecord.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

