lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 10 Apr 2008 18:36:44 +0100
From: n3td3v <xploitable@...il.com>
To: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk, 
	"Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
Subject: Re: Fwd: n3td3v has a fan

On Thu, Apr 10, 2008 at 5:27 PM,  <Valdis.Kletnieks@...edu> wrote:
> On Wed, 09 Apr 2008 19:53:44 BST, n3td3v said:
>
>  > It highlights what i've been saying for _years_ about never trusting
>  > your employees, and you've got to patch your offline machines as fast
>  > as your online ones.
>
>  Hate to burst your bubble, but insider threats have been understood as an
>  issue since well before you were born.

Side note:

So has the concept of security threater, but that doesn't stop Bruce
Schneier talking about it in essays
http://www.schneier.com/essay-155.html and at security
http://www.news.com/8301-10784_3-9915030-7.html conferences.

[/snip]

Inside threat:

The new skool has got to keep talking about it and evolving how we
respond to it.

Offline patching isn't taken as seriously as online patching, one day
that will change.

Valdis, you confuse me, are you saying we shouldn't discuss and evolve
how we respond to the insider threat because its already been
invented?

That makes no sense, because we didn't have cyber terrorism back when
your quote is from, so circumstances of the inside threat change and
we've got to talk about how to counter new emerging threats which come
under the old age insider threat bracket.

I had respect for you once a upon a time Valdis, don't make that change.

As far as I know a security threat is never completely conquered and
has to be continually re-evaluated all the time.

So valdis, should no one talk about insider threat again because its
been invented already?

Has someone hijacked Valdis e-mail today???

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists