lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1066418676.29516.12.camel@mongoose>
From: jason at compnski.com (Jason Freidman)
Subject: [SD:jason.full-disclosure]  RE: NASA.GOV SQL
	Injections

>From my experience working at NASA (moffet field as an intern one
summer) was that their IT department (in my building) was good at what
they did but had a pretty restrictive security policy (which is a good
thing i guess).  So i would rate them as excellent although too
restrictive.

On Fri, 2003-10-17 at 14:03, Ron DuFresne wrote:
> On Fri, 17 Oct 2003, Jonathan A. Zdziarski wrote:
> 
> > > No offense meant to the fine IT people at NASA, but do you seriously
> > > believe that the one-percenters are securing the network?  As opposed to
> > > say, figuring out how to land a rover on Mars, how to keep astronauts
> > > alive in space, how to overcome the long-term negative effects of zero
> > > gravity, etc., etc.???
> >
> > Maybe I'm not as familiar with NASA as others might be, but I would
> > think NASA would try and hire the most gifted IT people they could find
> > (e.g. the cream of the crop).  Since I've never run into one, I can't
> > prove this theory - I suppose it's possible they're all morons...but if
> > I had the resources NASA has, there wouldn't be any idiots working for
> > me.
> >
> > I wonder if their janitors require security clearance just to work
> > there...if that's the case their IT people are most likely l33t.
> >
> 
> Of course, one might think the same thing about the FED gov and the
> various states govs.  Untill one looks at pay rates, and how they compare
> to the private sector.  And that pays little or no mind to the POLITICS in
> such places.  One does not merely work in a gov related setting, one HAS
> to play a political tightrope walk, with less the proportional pay that
> private sector jobs provide.  Thus, whne the OSB and GAO audits and their
> released findings that make it into the headlines and before congress now
> and then come as no surprise.  I did an interesting article on the state
> of cyber security a year or so ago mentioning some of this  for TISC
> Insight Newsletter, and a copy can be found at
> http://sysinfo.com/sec-state.html.
> 
> C ourse, if anyone would like to hear the real nightmares of gov related
> work and the political BS that prevents real work from getting
> accomplished, I'll be happy to talk offline/offrecord.
> 
> Thanks,
> 
> Ron DuFresne
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> 	***testing, only testing, and damn good at it too!***
> 
> OK, so you're a Ph.D.  Just don't touch anything.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> ------------------------
> Sent to jason.full-disclosure
> Edit forwarding: http://spamdam.compsnki.com//editemail.php?fid=32
> Description: full disclosure maling list
-- 
Jason Freidman <jason@...pnski.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031017/63838d34/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ