lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 17 Jan 2008 15:16:30 -0600
From: "Fredrick Diggle" <fdiggle@...il.com>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk, Gadi Evron <ge@...uxbox.org>
Subject: Re: what is this?

Seems to Fredrick Diggle that if you are any good at your job you
should be thanking the sheltered research corner for keeping you in
mustache wax. If you inform your clients of the realistic risks
involved then you also must realize that very few researchers are
actually finding the types of bugs which keep your clients scared
enough to hire you o.0. Fredrick Diggle thinks you owe someone an
apology.

Also, we should all put a description of our jobs on here like Valdis
has so graciously started. That way we will all know who we are
dealing with. Fredrick Diggle will start.

Fredrick's job is to primarily clean the primate cages but also he is
allowed to feed the chimps, train the babies to do backflips for
grapes (monkeys love grapes), and teach the older ones to search for
web vulns (The zoo doesn't know but he is building an army of monkey
hackers). Sometimes he is also asked to brush the hippopotamus' teeth
but Fredrick tends to get angry and throw things when he is forced to
do that because no matter how much you brush you just can't get rid of
the smell (interesting fact: hippos have bad breathe).

YAY!

On Jan 17, 2008 2:36 PM,  <Valdis.Kletnieks@...edu> wrote:
> On Wed, 16 Jan 2008 20:41:21 CST, reepex said:
>
> > woah paul are you talking about stuff you do not know about again? [1] You
> > like to butt in on conversations. and how do you that this virus has been
> > put in virustotal, maybe it is new? Most people with decent RE skill (
> > unlike you and gadi ),
>
> It might come as quite the shock to you in your sheltered corner of the
> security community, but many of us have jobs and roles in the community that
> don't directly involve either creating exploits or doing RE.  For instance,
> I will cheerfully admit that I suck at writing exploits, and I'm not the
> world expert on RE.  On the other hand, that's OK, because that's not my
> job.  My job is to answer questions like "What is our exposure if somebody
> has an exploit for bug #19345" and "What can we do to minimize the damage if
> somebody in the VP's office gets hit with the FooBar trojan?" and other
> similar "How do we keep our 30,000 users out of trouble?" questions.
> And to answer those sorts of questions doesn't take a lot of writing/RE
> knowledge, but it *does* require understanding things like "escalating
> privilege" (if attacker has X, can they get to Y?), auditing (how do we
> know if an attacker did or didn't get Y), deployment issues (how
> do you get 30,000 users to patch against something, when you don't have
> administrative control over their boxes), and social engineering (what you
> resort to when you can't find other ways to get the users to patch :)
> and social engineering.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ