Open Source and information security mailing list archives
 
Date: Mon, 14 Apr 2008 15:54:09 -0400
From: "G. D. Fuego" <gdfuego@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: n3td3v has a fan

On Mon, Apr 14, 2008 at 3:04 PM, n3td3v <xploitable@...il.com> wrote:

>
> There are many ways the parking setup could be used against Yahoo
> adversaries, think car bomb, or truck bomb? It was hugely
> irresponsible of Yahoo to allow such photos to be taken by on-the-fly
> employees.
>

The biggest problem with this theory is that a car bomb attack against Yahoo
is incredibly unlikely.  When you're looking to implement security controls
against a potential threat, you need to take into account the likelihood of
the threat.  You actually end up using a lot of the same math that an
insurance adjuster would take into account (ugh).  If you try to defend
against every single possible yet unlikely occurrence, then you'll end up
missing out on the more likely yet less devastating problems.

But let's assume for a second that someone was planning on car bombing
Yahoo.  The lack of photos will barely slow them down.  If you can't find
photos, you can generally get building plans (public records).  If you can't
get building plans, you just drive into the building and take your best
guess as to where the most devastating place to park would be.

The real protection would be access control to the garage, NOT preventing
photographs.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
