Message-ID: <AANLkTin2zLyJtbRuHs3i-sumu-JpYKH0Fk2nH0GnO6Yc@mail.gmail.com>
Date: Fri, 21 Jan 2011 11:24:15 +0000
From: "Cal Leeming [Simplicity Media Ltd]"
	<cal.leeming@...plicitymedialtd.co.uk>
To: imipak <imipak@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: "Hacker attacks won't hurt your company brand"

It all depends what kind of breach happened.

Breaches caused by script kiddies and their automated kits aren't exactly
very high profile, and usually come from poor security ethics surrounding
the infrastructure (i.e. lack of updates, no NIDS in place, no port
blocking, no IP whitelisting etc etc). Falling under this category would
certainly NOT be credible to the company, as it shows their security game is
piss poor.

Breaches caused by rogue internal staff members, or where the company has
been specifically targeted for a long play, would be the only circumstances
where the publicity could actually be beneficial, as it creates interesting
controversy, unlike the latter.

All the above is just my opinion though, not proven fact (although I've
headed up enough disaster recovery contracts after both ext and int breaches
to have a clear insight as to how these kinda things go down)

On Fri, Jan 21, 2011 at 11:02 AM, imipak <imipak@...il.com> wrote:

> "...the idea that a breach is unlikely to kill your organization is
> spreading, because it’s backed by data."
>
> " If you’ve been spreading FUD [..] you’re going to face some harsh
> questions. By regularly making claims which turn out to be false, people
> undermine their credibility. If you’re one of those people, expect questions
> from those outside security who’ve heard you make the claim."
>
> "If you’re still doing it, you’re creating problems for yourself. Even
> worse, you’re creating problems for security professionals in general."
>
> (Adam Shostack,
> http://newschoolsecurity.com/2011/01/a-day-of-reckoning-is-coming/ )
>
>
> Anyone?
>
> -i
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
