lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 14 Oct 2007 19:49:11 -0400
From: "C Q" <kyle.c.quest@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Why criticize security researchers? On the
	recent PDP case.

Nichego strashnogo anglijskij normal'nij vot tol'ko soderzhanie
poxozhe na propagandu :-)

Couple of reasons why people in the security industry
are somewhat critical of pdp...

1. Social engineering is 99% of an exploit it's pretty
much a given that people will question the plausibility
of a successful mass exploitation in a real world.

2. When somebody makes a claim that's totally off base
people will correct it. That's the whole idea of a community...
We share knowledge and help each other better understand
how things work. Some people (like pdp) are going
through "growing pains" in the security industry where
they try to interpret the world based on their limited
understanding and experience. Sometimes those
interpretations are incorrect. What is wrong in pointing
it out. Finding a 0day doesn't automatically make
somebody an all knowing security expert. It takes
a lot of time and experience to gain the proper
understanding of security.

CQ

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ