lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 11 Jan 2012 06:34:06 -0600
From: Laurelai <laurelai@...echan.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Rate Stratfor's Incident Response

On 1/10/12 11:39 PM, Ian Hayes wrote:
> On Tue, Jan 10, 2012 at 9:18 PM, Laurelai<laurelai@...echan.org>  wrote:
>> On 1/10/12 10:18 PM, Byron Sonne wrote:
>>>> Don't piss off a talented adolescent with computer skills.
>>> Amen! I love me some stylin' pwnage :)
>>>
>>> Whether they were skiddies or actual hackers, it's still amusing (and
>>> frightening to some) that companies who really should know better, in
>>> fact, don't.
>>>
>> And again, if companies hired these people, most of whom come from
>> disadvantaged backgrounds and are self taught they wouldn't have as much
>> a reason to be angry anymore. Most of them feel like they don't have any
>> real opportunities for a career and they are often right.
> [citation needed]
>
>> Microsoft hired some kid who hacked their network, it is a safe bet he isn't going
>> to be causing any trouble anymore.
> Are you proposing that we reward all such behavior with jobs? I've
> always wanted to be a firefighter. Forget resumes, job applications
> and interviews, I'm going to set people's houses on fire. By your
> logic, an arsonist is not only the best person to combat other
> arsonists, but due to his obviously unique insight into the nature of
> fire, simply must know how best to fight a fire as opposed to someone
> who went to school for years to learn the trade.
>
>> Talking about the trust issue, who
>> would you trust more the person who has all the certs and experience
>> that told you your network was safe or the 14 year old who proved him
>> wrong?
> This is asinine. WHY would I want to hire someone for a position of
> trust that just committed a crime, or at the very least acted in an
> unethical manner? More than anything, that person has proven that
> while he *might* have the technical chops, he certainly lacks the
> ethics and decision making skills to operate in the grown-up world.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Because the ones with the so called ethics either lack the technical 
chops or lack the enthusiasm to find simple vulnerabilities. Not very 
ethical to take a huge paycheck and not do your job if you ask me.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ