Open Source and information security mailing list archives
 
From: steve at entrenchtech.com (Steve  Manzuik)
Subject: Are PHC going to ultimately secure more work for "Security Consultants"?

That is exactly what I said to them on that stupid mailing list.  "Thanks, you are buying me a new home..." which of course gets them into a frenzy of "sell-out" and other accusations.  But whatever, they are a bunch of misguided souls who think they are going to make a name for themselves.  I think this last rant from them, if it's not happening already, will draw the attention of various law enforcement.

	-----Original Message----- 
	From: James Martin [mailto:fulldisclose@...ppz.com] 
	Sent: Mon 9/16/2002 5:56 AM 
	To: full-disclosure@...ts.netsys.com 
	Cc: 
	Subject: [Full-Disclosure] Are PHC going to ultimately secure more work for "Security Consultants"?
	
	

	-----BEGIN PGP SIGNED MESSAGE-----
	Hash: SHA1
	
	I've been pondering the real effect PHC are going to have (if at least partially successful) on the "Security Industry". My conclusion is that ultimately they will help, not hinder the industry. I'd be interested to hear your comments on my argument.
	
	What does the industry rely on to maintain a market? Fear. Fear of breaches of privacy. Fear of vandalism. Fear of embarrassment. Fear of loss of productivity.
	
	For a company to invest in maintaining security, they must be able to justify their fears. As many of you know it can be very difficult to convince those in suits that there's a real risk of being hacked. A tangible representation of the risk is often needed, rather than just protecting against an unknown enemy.
	
	The spread of worms and viruses has had a very noticeable effect on the security policy in several companies to which I have involvement. CodeRed and Nimda are words known to many relatively untech-savvy managers, they instil fear. However it is still difficult to convince many that there is a real risk of non-automated attacks on their systems (i.e. real people hacking them, not a worm or virus). Part of the reason for this is there is no coherent focus on who these unknown enemies are.
	
	If PHC et al succeed in building a name for themselves in the media, they will become the Al Qaeda of the security industry. Still very sketchy in detail, but a label for the risk. This in my opinion should prove a powerful weapon in the arsenal of those pushing for larger (or even some) budgeted capital for security related services.
	
	Ultimately a threat is going to strengthen the industry not weaken it. Keep up the good work PHC, you're securing the internet ;P.
	
	
	Regards
	James
	
	
	Web: http://www.uuuppz.com
	Email:  me@...ppz.com
	
	
	
	
	_______________________________________________
	Full-Disclosure - We believe in it.
	Charter: http://lists.netsys.com/full-disclosure-charter.html
	

