From: jason at compnski.com (Jason Freidman)
Subject: [SD:jason.full-disclosure] RE: NASA.GOV SQL Injections

From my experience working at NASA (Moffett Field, as an intern one
summer), their IT department (in my building) was good at what
they did but had a pretty restrictive security policy (which is a good
thing, I guess). So I would rate them as excellent, although too
restrictive.

On Fri, 2003-10-17 at 14:03, Ron DuFresne wrote:
> On Fri, 17 Oct 2003, Jonathan A. Zdziarski wrote:
> 
> > > No offense meant to the fine IT people at NASA, but do you seriously
> > > believe that the one-percenters are securing the network?  As opposed to
> > > say, figuring out how to land a rover on Mars, how to keep astronauts
> > > alive in space, how to overcome the long-term negative effects of zero
> > > gravity, etc., etc.???
> >
> > Maybe I'm not as familiar with NASA as others might be, but I would
> > think NASA would try and hire the most gifted IT people they could find
> > (e.g. the cream of the crop).  Since I've never run into one, I can't
> > prove this theory - I suppose it's possible they're all morons...but if
> > I had the resources NASA has, there wouldn't be any idiots working for
> > me.
> >
> > I wonder if their janitors require security clearance just to work
> > there...if that's the case their IT people are most likely l33t.
> >
> 
> Of course, one might think the same thing about the FED gov and the
> various states' govs. Until one looks at pay rates, and how they compare
> to the private sector. And that pays little or no mind to the POLITICS in
> such places. One does not merely work in a gov related setting, one HAS
> to play a political tightrope walk, with less than the proportional pay that
> private sector jobs provide. Thus, when the OSB and GAO audits and their
> released findings make it into the headlines and before Congress now
> and then, they come as no surprise. I did an interesting article on the state
> of cyber security a year or so ago mentioning some of this for the TISC
> Insight Newsletter, and a copy can be found at
> http://sysinfo.com/sec-state.html.
> 
> 'Course, if anyone would like to hear the real nightmares of gov related
> work and the political BS that prevents real work from getting
> accomplished, I'll be happy to talk offline/off the record.
> 
> Thanks,
> 
> Ron DuFresne
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> 	***testing, only testing, and damn good at it too!***
> 
> OK, so you're a Ph.D.  Just don't touch anything.
> 
-- 
Jason Freidman <jason@...pnski.com>