Date: Thu, 16 Jun 2011 12:56:25 +0100
From: mrx <mrx@...pergander.org.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Absolute Sownage (A concise history of recent Sony hacks)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/06/2011 12:24, coderman wrote:
> On Wed, Jun 15, 2011 at 9:16 AM,  <Valdis.Kletnieks@...edu> wrote:
>> ...
>> And there's the flip side of it - there's some 140+ million .com's out there.
>> For the vast majority of them, covering the 95% is in fact sufficient, because
>> they are *so* small that it's probably safe to bet that everybody with actual
>> skillz is too busy hitting more valuable targets to bother whacking them.
> 
> 140+ million .com's full of vuln. was this supposed to be a cheerful message?
> 
> ~_~;

It really depends on the colour of your hat.

:-7


> 
>> After all, how many black hats with skillz will spend 3-4 days figuring out
>> how to whack Billy Bob's Bait, Tackle and Cell Phones and make maybe a
>> few hundred dollars, when they can go whack something in the 95% range
>> in a short afternoon and make 10 times as much?
> 
> i don't spell skillz  "C I S S P"
>   ... and respectable blackhats aren't paid hourly!
> 
> (btw, it would take 5-15 minutes, cell phone resellers are great
> avenues into carrier networks, and you gotta bait your phishes,
> right?. perhaps you picked a poor example to prop up this whimsical
> hypothetical...)
> 
> 
> 
>> Yes, you're still technically vulnerable, but at some point you really need
>> to give up the paranoia and get on with your actual business.
> 
> basic competencies and practices are "paranoia" level precautions.
> this is what makes infosec great!
> 
> however i agree with your premise. it's a business decision; nobody
> cares; and it's cheaper to fuck off now and repent later on the off
> chance (read: very slim chance) you lose your bet on the pwnies... and
> even then you're likely able to pass the buck off on the next vendor
> or provider - Get Out of Responsibility Free Card!
> 
> 
> now pardon me as i sate this urge to inebriate which you have
> masterfully instilled via discourse on the destitute digital denizens
> devoid of any desire to deliver themselves from the absurd theater
> that is "information security" and the prevalent lack thereof.
>   [can i buy whiskey with bitcoin yet?]
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 


- -- 
Mankind's systems are white sticks tapping walls.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBTfnvabIvn8UFHWSmAQKBYwgA2No2sTTwyCwlnjGScrxvpCImJVRI0Yh7
wmHiLF49JMeyx5qMlptYzgRpFTxxk2tWg+o9YQ7VrfZ9LeYDuSCQY5epbLIIQbJ1
g2PGVxvR9h5JTu4Se//NbRFxa2WHJvwWLjNeGnYe5FBEj7ORlktJUI28yk5V3r6Y
71uSBk+t6Fbwtbq4Gc+jPzFamLTA54yu1g4Jbl6jyqufFt5YDxzADkWhS2ByKdcR
K1Q05KzOQ43T9BIIEDRJXAd1FgwYIajr3eXCTjmgpy+WknGH2D2FCjOx0N7Aam9N
NO+ajjQ0iIISD9Vq1PvOX0RjMU4xTTZeHY82cCWnNcT5jolKta9vAA==
=zh5y
-----END PGP SIGNATURE-----
