lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4C6BC918.5010901@isecom.org>
Date: Wed, 18 Aug 2010 13:50:48 +0200
From: Pete Herzog <lists@...com.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Better Security Through Sacrificing Maidens

Hi,

The typical enterprise security today is one that is properly prepared 
to sacrifice something to an attacker now so they will be 100% 
prepared against it later. There's something wrong with that method 
and it's part of the reason why ISECOM is taking some very new 
directions in security that may seem strange or confusing to many 
security professionals.

I have written up my explanation for the changes and it touches on 
many sticky topics in security: Risk, penetration testing, 
vulnerability disclosure, Compliance, trust, certification, and 
defense. One thing that I left out is why we moved away from defense 
in depth as well. However, that requires a lot more words and the 
article ended up being perhaps too long as it is. So maybe in a future 
article.

Do keep in mind that I tried to be nice and not lay blame on anyone or 
any group. So please don't flame me for having a different opinion. 
Instead, take this as a discussion point because I'm sure you also 
recognize something about security isn't working.

https://www.infosecisland.com/blogview/6646-Better-Security-Through-Sacrificing-Maidens.html

Sincerely,
-pete.

-- 
Pete Herzog - Managing Director - pete@...com.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ