Open Source and information security mailing list archives
 
Message-ID: <200408061148.48943.capegeo@opengroup.org>
From: capegeo at opengroup.org (George Capehart)
Subject: Re: MS04-025 - Ignorance is truly bliss....

On Thursday 05 August 2004 18:49, hellNbak allegedly wrote:
> On Thu, 5 Aug 2004 someone pretending to have a nmrc email addy wrote:

<snip>

>
> The only mistake you make above is that you paint the entire industry
> with the same brush.  Yes, I and a lot of people make money in this
> industry. We took a hobby and made it a job -- why not?  Why not get
> paid for something you enjoy.  Working in this industry does not
> automatically make you a false prophet as you explain above.
>
> Over the long term -- no one will benefit -- and I don't care how big
> the paycheck is -- telling a client what they want to hear is not the
> way many of us choose to make a living.  Sure, there are a lot of
> people in EVERY industry that are willing to push ethics aside and do
> what it takes for that paycheck but I know I can look myself in the
> mirror and say that I am not one of those people.
>
> Eventually the false prophets are exposed, sure they already got
> their paycheck and have moved on to the next sucker but eventually
> they run out of suckers and money.
>
> > What do you hope to achieve, or how do you believe your opinion is
> > being relevant or novel, if you come to this audience, and state
> > that CERT is no longer credible, and is a bunch of crooks who live
> > off selling advance vulnerability warnings? Or that Microsoft is
> > not exactly particularly devoted to improving security of their
> > products and protecting their customers?
>
> I hoped to stir some shit up, perhaps give the guys over at
> secure@...rosoft.com a bit of a kick in the nuts as there was a time
> that they were making at least a little progress.  I was hoping to
> draw enough attention to this issue that perhaps someone from one of
> the major banks will one day sit down and correlate the connection
> between vulnerabilities such as this and losses due to fraud.  The
> only way that any vendor is going to be forced to actually care about
> security and actually care about users is when those users mean lots
> of $$$ to them.

There just might be some hope . . . check out this white paper from PWC 
on "Integrity-Driven Performance."
http://www.cfodirect.com/cfopublic.nsf/f19696b6432afb8b8525690a000c9f67/86a39deb761f514d85256e3f00641442/$FILE/PWC_GRC_WP.pdf

(URL might wrap).  You can get it from Google if you search on 
pwc_grc_wp.pdf . . .

Cheers,

/g

