lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 14 Oct 2007 15:12:59 -0400
From: "C Q" <kyle.c.quest@...il.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Remote Desktop Command Fixation Attacks

I guess there's some logic in spreading FUD about security in depth
not working. It might be a nice way to scare potential customers
who don't know much about security into whatever services
Gnucitizen team sells. However, these kind of tricks
simply won't work with any seasoned  security professional.
It'll actually backfire if you are not careful... because you
won't be taken seriously in the industry. I'm pretty sure
Pdp's rating in the books of many security professionals
went down quite a few notches :-) It's a small world...
and most likely it'll affect your and your company's
future... because you'll need to do business with
people like Thor (who gave a great and very logical
description with proper supporting examples of what
security in depth is and what's mean to do).
The chances are that they'll simply choose to work
with someone else... who betters understands the big
picture in security :-)

CQ

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists