lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Jul  5 07:19:08 2006
From: stefan.keller at gmail.com (Stefan Keller)
Subject: Undisclosed breach at major US facility

The cost/benefit analysis is exactly why the "Oh, but I have so many
computers and so little budget" philosophy is dead wrong here.

- There is no reason why sensitive personal data should be accessible on
each and every of your thousands of computers. And there is no reason why
all your clients should look the same and have the same level of security.
Introducing different security levels in your infrastructure (e.g. having
"more secure zones") should  be the approach here, not complaining that
encrypting all and every  kit costs so much..

Getting caught, punished, blamed and thrown in jail *should* be part of that
cost/benefit analysis. - So I just hope that we'll see some real stiff
penalties soon.

- Stefan



If you look at introducing different security levels in your infrastructure,
you'll see that


On 7/5/06, Q-Ball <qballus@...il.com> wrote:
>
> Security is simply a cost/benefit excercise at the end of the day. No one
> implements security just to feel better about themselves.
>
> On 7/5/06, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
>
> > On Wed, 05 Jul 2006 00:25:15 EDT, Stack Smasher said:
> > Like I said, shareholder value and profit plays a huge role in people
> > getting off their ass and doing something to help the general public,
> > seeing as how you have mostly worked at a university you don't have an
> > executive board screaming at you
>
> Universities have their equivalent of executive boards, trust me.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060705/b1ee4209/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ