lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Apr 2008 18:36:44 +0100 From: n3td3v <xploitable@...il.com> To: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk, "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu> Subject: Re: Fwd: n3td3v has a fan On Thu, Apr 10, 2008 at 5:27 PM, <Valdis.Kletnieks@...edu> wrote: > On Wed, 09 Apr 2008 19:53:44 BST, n3td3v said: > > > It highlights what i've been saying for _years_ about never trusting > > your employees, and you've got to patch your offline machines as fast > > as your online ones. > > Hate to burst your bubble, but insider threats have been understood as an > issue since well before you were born. Side note: So has the concept of security threater, but that doesn't stop Bruce Schneier talking about it in essays http://www.schneier.com/essay-155.html and at security http://www.news.com/8301-10784_3-9915030-7.html conferences. [/snip] Inside threat: The new skool has got to keep talking about it and evolving how we respond to it. Offline patching isn't taken as seriously as online patching, one day that will change. Valdis, you confuse me, are you saying we shouldn't discuss and evolve how we respond to the insider threat because its already been invented? That makes no sense, because we didn't have cyber terrorism back when your quote is from, so circumstances of the inside threat change and we've got to talk about how to counter new emerging threats which come under the old age insider threat bracket. I had respect for you once a upon a time Valdis, don't make that change. As far as I know a security threat is never completely conquered and has to be continually re-evaluated all the time. So valdis, should no one talk about insider threat again because its been invented already? Has someone hijacked Valdis e-mail today??? All the best, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists