lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: jan.m.clairmont at citigroup.com (Clairmont, Jan M)
Subject: RE: Open the doors to hell hire a hicker Full-Disclosure Posts

Oh yeah and we can trust you bozos not to put in backdoors, sploits and other
great modes of entry yeah right. 8->, Hire the burgler to secure your home,
yeah right? Doh! 

Sheessh what a stupid idea?

The whole point of hiring people who don't know much is that they follow
a policy procedure and comply with audit, I have yet to see a H&ck3r follow any
procedure.  So how do you control anything such as policy etc, the wild west again?
You hire professional security people to maintain control, not chaos, and find methodologies
procedures and products that are the most effective, test, re-test, remediate, deploy and defend.
And that can be maintained and operated by ordinary computer folk, who want to do an honest days
work and collect their rightful pay, but maybe you never thought of that!

gimme a break LOL
Jan, Paladin of Insecurity Security.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of
yahoo@...alhost
Sent: Sunday, October 17, 2004 8:58 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Full-Disclosure Posts


On Sat, 16 Oct 2004 19:13:18 -0700, Etaoin Shrdlu <shrdlu@...ddrop.org> wrote:
> Of course, anyone still using the term "hax0r" as though it were
> meaningful might want to think further about what a "security
> professional" might be




A security professional is someone who cares more about money than the
real issue of security at where they work. They don't go the extra
mile for the interests of security at where they work, as they don't
want to risk the job they're in.

My view is corporations should not employ uni graduates and
thirty-somethings to work in a security team. They very likely still
can't open a can of beans and certainly have no idea about the real
issues which face them. They follow company policy and go home at the
end of the day, and switch off.

The people who should be working at a security team should be
volunteers who have the real interests of the company in mind, instead
of money.

The security professional as we know it (uni graduate and 30
something) is not a hax0r, they are ph.d or whatever who are skilled
on an academic level, and thats as far as it goes, which in my opinion
isn't far enough.

Being a security professional is ment to be about passion, strictly
not money, in my humble opinion.

Stop employing academics and get the hackers in to do the job
properly, unpaid of course, at least to start off with, to make sure
they're joining the company for the right reasons. ;-)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ