lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <006b01c25f58$b9fde460$c700a8c0@Mandie>
From: andrew at generator.co.za (Andrew Thomas)
Subject: openssl exploit code (e-secure-it owned)

Comments inline...

----- Original Message -----
From: "hellNbak" <hellnbak@...c.org>
To: "Andrew Thomas" <andrew@...erator.co.za>
Cc: "Erik Parker" <eparker@...dsec.com>; "Arjen De Landgraaf"
<arjen.de.landgraaf@...ogic.co.nz>; <full-disclosure@...ts.netsys.com>
Sent: Wednesday, September 18, 2002 5:32 PM
Subject: Re: [Full-Disclosure] openssl exploit code (e-secure-it owned)


> > Or maybe you'd be willing to pay for another admin to work half-day to
keep
> > up with the lists. Again, I wouldn't. I'd rather split the costs with
...
> Some companies do exactly this.  It depends on your organization size and
> security budget.  If the "service" is going to cost you an arm and a leg
> to implement and use is it not worth it to hire a junior security resource
> instead?
Definitely. Agreed on all costs. My example being from an historical
situation that I found myself in, with a bit of poetic licence to make the
point of the devils advocate.

> > Or what am I missing here?
>
> There are free alternatives to giving these guys your money.
I definitely missed that :)

Would you care to give me pointers to these services?

Regards,
  Andrew


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ