Message-ID: <4DF9EF69.9050704@propergander.org.uk>
Date: Thu, 16 Jun 2011 12:56:25 +0100
From: mrx <mrx@...pergander.org.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Absolute Sownage (A concise history of recent
Sony hacks)
On 16/06/2011 12:24, coderman wrote:
> On Wed, Jun 15, 2011 at 9:16 AM, <Valdis.Kletnieks@...edu> wrote:
>> ...
>> And there's the flip side of it - there's some 140+ million .com's out there.
>> For the vast majority of them, covering the 95% is in fact sufficient, because
>> they are *so* small that it's probably safe to bet that everybody with actual
>> skillz is too busy hitting more valuable targets to bother whacking them.
>
> 140+ million .com's full of vuln. was this supposed to be a cheerful message?
>
> ~_~;
It really depends on the colour of your hat.
:-7
>
>> After all, how many black hats with skillz will spend 3-4 days figuring out
>> how to whack Billy Bob's Bait, Tackle and Cell Phones and make maybe a
>> few hundred dollars, when they can go whack something in the 95% range
>> in a short afternoon and make 10 times as much?
>
> i don't spell skillz "C I S S P"
> ... and respectable blackhats aren't paid hourly!
>
> (btw, it would take 5-15 minutes, cell phone resellers are great
> avenues into carrier networks, and you gotta bait your phishes,
> right?. perhaps you picked a poor example to prop up this whimsical
> hypothetical...)
>
>
>
>> Yes, you're still technically vulnerable, but at some point you really need
>> to give up the paranoia and get on with your actual business.
>
> basic competencies and practices are "paranoia" level precautions.
> this is what makes infosec great!
>
> however i agree with your premise. it's a business decision; nobody
> cares; and it's cheaper to fuck off now and repent later on the off
> chance (read: very slim chance) you lose your bet on the pwnies... and
> even then you're likely able to pass the buck off on the next vendor
> or provider - Get Out of Responsibility Free Card!
>
>
> now pardon me as i sate this urge to inebriate which you have
> masterfully instilled via discourse on the destitute digital denizens
> devoid of any desire to deliver themselves from the absurd theater
> that is "information security" and the prevalent lack thereof.
> [can i buy whiskey with bitcoin yet?]
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
- --
Mankind's systems are white sticks tapping walls.