| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: kenng at kpmg.com (Ng, Kenneth (US)) Subject: Top 15 Reasons Why Admins Use Security Scan ners It depends on who you get. At a previous job I was once asked to provide a printout of the file permissions of every file on every system. After delivering I think it was four cartons of paper for one system, I think he changed his mind because he didn't ask for the other systems. But the best ever was from a goverment auditor doing a securities investigation. Said auditor wanted all transactions between us and XXX between such and such dates. Ok, we said, what format tape do you want it on? They insisted on a printout. So, I think it was 14 cartons of 8.5x11 paper. A few months later we asked them how they were doing. They said that they were having difficulty (AND I KID YOU NOT) OCR'ING IT BACK INTO ELECTRONIC FORMAT. Now think about this. Every transaction is a series of about 80-120 numbers of accounts, stocks, amounts, etc. Given an OCR accuracy of 90% (this was the early 90's), every line that they OCR'ed in had an error on it. Not very useful for searching for illegal trading. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Starford, Christopher D. Sent: Wednesday, April 28, 2004 3:55 PM To: 'Harlan Carvey' Cc: 'full-disclosure@...sys.com' Subject: RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners Harlan, I believe many true IT Security Auditors out there would agree that your wrong on this one. > -How will I ever pass my IT Security Audits? > > Don't worry about it...most audits don't seem to have > an IT background, and even when they do, they don't > take the time to understand your business processes or > your network infrastructure. __________________________________________________ Christopher D. Starford SAIC Enterprise Security Sulutions _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. *****************************************************************************
Powered by blists - more mailing lists