lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 8 Jan 2012 00:31:39 +0100
From: Ferenc Kovacs <tyra3l@...il.com>
To: Laurelai <laurelai@...echan.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Rate Stratfor's Incident Response

On Sun, Jan 8, 2012 at 12:03 AM, Laurelai <laurelai@...echan.org> wrote:

>  On 1/7/12 3:50 PM, Valdis.Kletnieks@...edu wrote:
>
> On Sat, 07 Jan 2012 16:25:35 EST, Shyaam Sundhar said:
>
>
>  Although, once they have gained popularity and to a stage where a garage
> office becomes a shop floor and a @home biz becomes a rent-a-million$-building
> office, it is time to shift priorities.
>
>  If finding people who are competent enough to secure a payroll system for a
> company of 10 people is difficult, what makes you think that it's easy to find
> people who can secure the systems for a company of 1,000?
>
> As Stratfor has demonstrated, the talent pool of *really* competent security
> people is shallow enough that there's not even enough to secure the security
> companies. And it's not just Stratfor - when was the last time this list went a
> week without mocking a security company for its lack of clue?  It's an industry-wide
> problem - there's a *severe* shortage of experts.
>
> And even though schools like DeVry and ITT are churning out lots of people with
> entry level certifications, I'm not at all sure that helps the situation - we
> end up with a lot of people who are entry level, and don't realize how much
> they don't know. That makes them almost more dangerous than not having anybody
> at all. Sort of like if you walk alone through a scary part of town, you
> actually stand a good chance because you *know* you're alone and will act
> accordingly - but if you have a bodyguard with you, you're likely to act
> differently, and end up totally screwed when you find out said bodyguard has a
> belt in martial arts, but zero experience in street fighting...
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>  Perhaps these companies should try to hire the kids owning them instead
> of crying to the feds.
>

why do you think that kiddies using tools like sqlmap would be able to
defend them from other kids?


-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ