lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 May 2010 08:14:17 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: "Thor (Hammer of God)" <Thor@...merofgod.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: What do you guys think about it?

Of course it's boring, the days when one said "I've just found another 50
holes in MS's network stack" are all gone.

The thing is, you are either a security professional *testing products* or
you're just talking about security thinking you are one.
In the past all it took to "become a 'hacker'" was getting informed about
hacking techniques, finding some exploit (which was way more easy than
today) and finally someone calling you "hacker".

Mind you, many call me "hacker" seeing me using consoles but (irony irony)
I'm no [seasoned] hacker.

As a software developer, I still find certain security issues challenging.
Sure Mr Purser might find everything less exciting, but hey did you write
anything from scratch lately? What are you coding in, Javascript or JQuery
(as an example)?

My point is, frameworks and products address security issues themselves,
making it easier for end-developers to use. But a big time hacker like Mr
Purser finds it boring.

As of myself, I refrain from depending on frameworks for a single useful
feature, which means I have to write from scratch and study that feature,
making sure it is "safe".
And who knows, while at it I might notice a bu or two in the said
framework...

Regards,
Christian Sciberras





On Fri, May 28, 2010 at 9:42 PM, Thor (Hammer of God)
<Thor@...merofgod.com>wrote:

> Exactly.
>
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:
> full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Marsh Ray
> Sent: Friday, May 28, 2010 12:37 PM
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] What do you guys think about it?
>
> On 5/28/2010 2:18 PM, Rafael Moraes wrote:
> > Read and give your opinion!
> >
> > http://www.networkworld.com/community/node/60303
>
> If he thinks security is boring problem solved by installing the latest
> plug-in appliance, I see he has two options:
>
> 1. Publicly issue a "hack me" challenge listing the names of his
> employers/clients. Extend a big middle finger to some organized
> international groups. That might make his job more interesting for a while.
>
> - or -
>
> B. Step aside and let somebody with energy and imagination have a turn.
>
> - Marsh
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists