lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 16 Jun 2011 04:24:36 -0700
From: coderman <coderman@...il.com>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Absolute Sownage (A concise history of recent
 Sony hacks)

On Wed, Jun 15, 2011 at 9:16 AM,  <Valdis.Kletnieks@...edu> wrote:
> ...
> And there's the flip side of it - there's some 140+ million .com's out there.
> For the vast majority of them, covering the 95% is in fact sufficient, because
> they are *so* small that it's probably safe to bet that everybody with actual
> skillz is too busy hitting more valuable targets to bother whacking them.

140+ million .com's full of vuln. was this supposed to be a cheerful message?

~_~;



> After all, how many black hats with skillz will spend 3-4 days figuring out
> how to whack Billy Bob's Bait, Tackle and Cell Phones and make maybe a
> few hundred dollars, when they can go whack something in the 95% range
> in a short afternoon and make 10 times as much?

i don't spell skillz  "C I S S P"
  ... and respectable blackhats aren't paid hourly!

(btw, it would take 5-15 minutes, cell phone resellers are great
avenues into carrier networks, and you gotta bait your phishes,
right?. perhaps you picked a poor example to prop up this whimsical
hypothetical...)



> Yes, you're still technically vulnerable, but at some point you really need
> to give up the paranoia and get on with your actual business.

basic competencies and practices are "paranoia" level precautions.
this is what makes infosec great!

however i agree with your premise. it's a business decision; nobody
cares; and it's cheaper to fuck off now and repent later on the off
chance (read: very slim chance) you lose your bet on the pwnies... and
even then you're likely able to pass the buck off on the next vendor
or provider - Get Out of Responsibility Free Card!


now pardon me as i sate this urge to inebriate which you have
masterfully instilled via discourse on the destitute digital denizens
devoid of any desire to deliver themselves from the absurd theater
that is "information security" and the prevalent lack thereof.
  [can i buy whiskey with bitcoin yet?]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ