Open Source and information security mailing list archives
Date: Thu, 23 Dec 2010 03:26:03 -0500
From: wac <waldoalvarez00@...il.com>
To: lists@...com.org
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Making Security Suck Less

Aha, welcome to the world. It is broken and will likely keep that way for long. So do what I do... Adapt, take a seat, wear a green hat if you can and forget about the rest. They will not understand, nor do they want to. Besides we would see a load of net admins losing their jobs / companies filing bankruptcy if the model changes so...

You know what.. Bertrand Russell said once:

"Men who are unhappy, like men who sleep badly, are always proud of the fact."

Sort of like the old way of saying "don't worry be happy!" :D

And I have serious doubts about that OSSTMM btw.

On 12/16/10, Pete Herzog <lists@...com.org> wrote:
> Hi,
>
> "Now not everything about the old security model is bad. Personally, I
> really like the Zen feel of it. It's like raking the fine, white,
> beach sand into those concentric lines and around rocks and dead fish
> and stuff. It's very Zen. Then as the tide rises, the wind blows, and
> Frisbees get badly thrown you have to do it all over again in a very
> Zen way like this: Install. Harden. Configure. Patch. Scan. Patch
> again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install.
> Configure. And then you do it all over again! With so much Zen
> practice it's hard not to become a Master of the security repeat
> cycle. But you know what else is Zen? NOT doing that. It's less
> stressful to maintain an existing balance between operations,
> limitations, and controls than running around and putting out fires."
>
> This is from my new article called, "Making Security Suck Less" you
> can read finished at:
>
> https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html
>
> There's some more, new articles reviewing the OSSTMM and the new
> security model at InfoSec Island here:
>
> https://www.infosecisland.com/osstmm.html
>
> Sincerely,
> -pete.
>
> --
> Pete Herzog - Managing Director - pete@...com.org
> ISECOM - Institute for Security and Open Methodologies
> www.isecom.org - www.osstmm.org
> www.hackerhighschool.org - www.badpeopleproject.org
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/