Message-ID: <BANLkTikPNx8RVCcmr_TDU18dkA-N4KmWsg@mail.gmail.com>
Date: Sun, 24 Apr 2011 20:32:49 -0700
From: coderman <coderman@...il.com>
To: ichib0d crane <themadichib0d@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: infosec rot (was Re: Gomez eats the weak)

On Sat, Apr 23, 2011 at 9:00 AM, ichib0d crane <themadichib0d@...il.com> wrote:
> lol someone who thinks he is original because he is stating things
> that pretty much everyone knows, or at least traces of which may be
> true enough to be known.

poor kid probably bought into degrees and/or certs, got all hyped up on infosec,
  only to find a shitty industry behind the curtain...



> Of course no one but your peers give a crap about what you do, guess
> what? No one but those in the immediate peer group of an architect or
> a subway employee cares about what they do either.

those who seek attention rarely deserve it; this is a feature, not a bug.
hollywood and politics are for those with external loci of identity...



> Of course some moonlight as blackhats, guess what? Some 'anti-man'
> blackhats daylight as paper pushers.

solid ethical reasoning: not taught in school and virtue
unappreciated. this happens in every industry, though infosec loves to
eat its own.



> Of course the government lures the brightest minds to work for them
> and develop exploits for *insert cause here*.

keeping up with the joneses. dozens of state sponsored "cyber"
programs across the globe and counting. what a gold rush!



> Of course most pen-tester's post-exploitation skills suck.

not to mention this only comes into play when an attack is actually
detected. most last way too long, sometimes months/years! before
identified.



> Valdis is right, you must be new here if you think that stating
> obvious facts make you seem smart.

sounds more like frustration and disillusionment.


let me help with that. you forgot to mention the industry charlatans,
the media whores, the pervasive apathy around security processes and
posture in general, save for those brief moments of post-pwning
introspection with fervent commitment to "do better" that lasts about
as long as a new year's resolution.

and development practices, i can't even begin. governments and
megacorps alike keep fucking up the simple stuff, over and over.
whether it's laughable crypto cock-ups, or hilarious insecure
oversights from 90's back like a bad fad in your console and smart
phone, or the security products and vendors getting ravaged themselves
and providing vectors to customers through their softwares (and you're
paying for the privilege!)...


i could go on, but i'll haiku instead:

infosec despair
laziness, incompetence
here. there. everywhere.

pwnies on rampage
cyberwar and A. P. T.
thieves, spies, good guys - who?

downhill since '93
onward indefinitely
band-aids but no cure

what is it good for?
lush lucre and free passes
on backs of masses

they're fleecing all
nations, corps, orgs big and small
reparations null

infosec should be?
no. build in security!
existential angst
    [to be, or not to be...]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
