From: mvp at joeware.net (Joe)
Subject: NASA.GOV SQL Injections

I have no personal information on NASA but would expect it works like any
large enterprise company or other government organization which I do have
experience with. You tend to have a few really good folks and a bunch of
so-so folks and some really bad folks. The bigger the organization the easier
to hide mediocrity and incompetence. The really good ones tend to set
standards and the rest try to follow them or think they know better and do
something else. The good ones then have to try to touch base once in a while
to make sure those standards are still being set. 

The idea that a government organization is going to get the cream of the
bell curve for Office IT is probably overstating since the government (like
most large companies) does a lot of "lowest bidder" type of work for things
not in their direct main line. Office IT is not what NASA is there for, the
people responsible for the web sites and word processing tools running are
not the people writing the code for the next satellite or space station.
Heck, the mindsets of those two groups of people are probably extremely
different. The folks working on the word processors and web sites are
working and this is the best or only job they could get... The people doing
the work on the landers and space stations and such are trying to change the
world and money probably isn't the main drive - there aren't many places
they can go to do what they want to do. 

As for the janitors, I would bet that they need high security clearance for
some of the areas, but having that high security clearance doesn't mean they
are the best janitors. They are the best janitors with that security
clearance that would work for whatever the pay scale was. That translates to
the Office IT workers as well. 

  joe


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Jonathan A.
Zdziarski
Sent: Friday, October 17, 2003 12:28 PM
To: Schmehl, Paul L
Cc: full-disclosure

Maybe I'm not as familiar with NASA as others might be, but I would think
NASA would try and hire the most gifted IT people they could find (e.g. the
cream of the crop).  Since I've never run into one, I can't prove this
theory - I suppose it's possible they're all morons...but if I had the
resources NASA has, there wouldn't be any idiots working for me.

I wonder if their janitors require security clearance just to work
there...if that's the case their IT people are most likely l33t.

