From: hellnbak at nmrc.org (hellNbak)
Subject: Re: MS04-025 - Ignorance is truly bliss....

On Thu, 5 Aug 2004 someone pretending to have a nmrc email addy  wrote:

> But then, were the Internet and IT security still merely a hobby of a bunch
> of enthusiasts, you wouldn't be getting your paycheck, would you? You
> benefit from these changes, with all their side effects. You tell your
> customers to buy products, not to distrust the system, to uncloak treasons,
> or banish false prophets. You tell them what they want to hear, then cash
> the check so that you can afford to write rants about how the world should
> be. The problem with socialist utopias where all do their jobs best, and get
> exactly what they deserve, is that they all seem to fail quite miserably
> (how odd). Unjust exploitation, trickery to claim undeserved credibility or
> recognition, commercialization of everything you can capitalize on - that's
> what makes a country (or an industry) great.

The only mistake you make above is that you paint the entire industry with
the same brush.  Yes, I and a lot of people make money in this industry.
We took a hobby and made it a job -- why not?  Why not get paid for
something you enjoy?  Working in this industry does not automatically make
you a false prophet as you explain above.

Over the long term -- no one will benefit -- and I don't care how big the
paycheck is -- telling a client what they want to hear is not the way many
of us choose to make a living.  Sure, there are a lot of people in EVERY
industry that are willing to push ethics aside and do what it takes for
that paycheck, but I know I can look myself in the mirror and say that I am
not one of those people.

Eventually the false prophets are exposed; sure, they already got their
paycheck and have moved on to the next sucker, but eventually they run out
of suckers and money.


> What do you hope to achieve, or how do you believe your opinion is being
> relevant or novel, if you come to this audience, and state that CERT is no
> longer credible, and is a bunch of crooks who live off selling advance
> vulnerability warnings? Or that Microsoft is not exactly particularly devoted
> to improving security of their products and protecting their customers?

I hoped to stir some shit up, perhaps give the guys over at
secure@...rosoft.com a bit of a kick in the nuts as there was a time that
they were making at least a little progress.  I was hoping to draw enough
attention to this issue that perhaps someone from one of the major banks
will one day sit down and correlate the connection between vulnerabilities
such as this and losses due to fraud.  The only way that any vendor is
going to be forced to actually care about security and actually care about
users is when those users mean lots of $$$ to them.

