lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 10 Apr 2008 23:11:45 -0300
From: steve menard <smenard@...et.nb.ca>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: n3td3v has a fan

you don't see Bruce posting 5 times a day here


n3td3v wrote:
> On Thu, Apr 10, 2008 at 5:27 PM,  <Valdis.Kletnieks@...edu> wrote:
>   
>> On Wed, 09 Apr 2008 19:53:44 BST, n3td3v said:
>>
>>  > It highlights what i've been saying for _years_ about never trusting
>>  > your employees, and you've got to patch your offline machines as fast
>>  > as your online ones.
>>
>>  Hate to burst your bubble, but insider threats have been understood as an
>>  issue since well before you were born.
>>     
>
> Side note:
>
> So has the concept of security threater, but that doesn't stop Bruce
> Schneier talking about it in essays
> http://www.schneier.com/essay-155.html and at security
> http://www.news.com/8301-10784_3-9915030-7.html conferences.
>
> [/snip]
>
> Inside threat:
>
> The new skool has got to keep talking about it and evolving how we
> respond to it.
>
> Offline patching isn't taken as seriously as online patching, one day
> that will change.
>
> Valdis, you confuse me, are you saying we shouldn't discuss and evolve
> how we respond to the insider threat because its already been
> invented?
>
> That makes no sense, because we didn't have cyber terrorism back when
> your quote is from, so circumstances of the inside threat change and
> we've got to talk about how to counter new emerging threats which come
> under the old age insider threat bracket.
>
> I had respect for you once a upon a time Valdis, don't make that change.
>
> As far as I know a security threat is never completely conquered and
> has to be continually re-evaluated all the time.
>
> So valdis, should no one talk about insider threat again because its
> been invented already?
>
> Has someone hijacked Valdis e-mail today???
>
> All the best,
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>   

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ