lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20021107115458.14389.qmail@email.com>
From: sockz at email.com (sockz loves you)
Subject: Security Industry Under Scrutiny: Part One

----- Original Message -----
From: John.Airey@...b.org.uk
Date: Thu, 7 Nov 2002 11:01:48 -0000 
To: sockz@...il.com, full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Security Industry Under Scrutiny: Part One


> > -----Original Message-----
> > From: sockz loves you [mailto:sockz@...il.com]
> > Sent: 07 November 2002 10:13
> > To: full-disclosure@...ts.netsys.com
> > Cc: vuln-dev@...urityfocus.com; vulnwatch@...nwatch.org;
> > bugtraq@...urityfocus.com
> > Subject: [Full-Disclosure] Security Industry Under Scrutiny: Part One

*snip*

i replied to your email only to say that you need serious help in the area of
comprehension.  nothing of what you posted had anything to do with my original
post.  nor did it make any sense.  i can only assume that it is something they
put in the water in britain.  that or the school system.  how you graduated with
honours is completely beyond me, and i question those letters the end of your
name.  you said my post had too much noise itself?  allow me to clarify for you:

* security advisories are rarely based on original concepts
* most of them are filled with lots of crap used to build up the reputation of
  the whitehat.
* whitehats should contact vendors and not public forums as only the vendors can
  release an update.
* "proof of concept" toolz are used to fuel script kiddies so as to justify the
  employment of security professionals.  kinda like the CIA bombing a sky
  scraper to get more funding.

things we can do to make the security industry better:

* dont post to public forums.  contact the vendor directly.  make vendors more
  responsible for their products.
* stop producing "proof of concept" code/tools, as these are more often used to
  harm, rather than to heal.
* care more about security and less about money.

!<3 sockz
-- 
_______________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

Single & ready to mingle? lavalife.com:  Where singles click. Free to Search!
http://www.lavalife.com/mailcom.epl?a=2116


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ