Open Source and information security mailing list archives
 
Date: Wed, 11 Jan 2012 15:39:20 +0100
From: Ferenc Kovacs <tyra3l@...il.com>
To: Laurelai <laurelai@...echan.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Rate Stratfor's Incident Response

> Because the ones with the so called ethics either lack the technical
> chops or lack the enthusiasm to find simple vulnerabilities. Not very
> ethical to take a huge paycheck and not do your job if you ask me.
If the only thing missing to secure those systems was somebody being able
to use sqlmap and xss-me, then that could be fixed without hiring people
who have already proved that they aren't trustworthy.
From my experience, the lack of security comes from the management: you can
save money on that (and on QA) in the short run.
So companies tend to hire QSA companies to buy the paper which says that
they are good, when in fact they aren't.
Most of them don't wanna hear that they are vulnerable, and they take the risks
too lightly.
If they took IT security seriously, it simply couldn't be owned
through trivial, well-known attack vectors.

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
