Message-ID: <CAH-PCH41-8tnVmjgS9_XQfQq=5DkEf-pYoFiza-LsPFP0hsGpA@mail.gmail.com>
Date: Sun, 8 Jan 2012 00:31:39 +0100
From: Ferenc Kovacs <tyra3l@...il.com>
To: Laurelai <laurelai@...echan.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Rate Stratfor's Incident Response
On Sun, Jan 8, 2012 at 12:03 AM, Laurelai <laurelai@...echan.org> wrote:
> On 1/7/12 3:50 PM, Valdis.Kletnieks@...edu wrote:
>
> On Sat, 07 Jan 2012 16:25:35 EST, Shyaam Sundhar said:
>
>
> Although, once they have gained popularity and to a stage where a garage
> office becomes a shop floor and a @home biz becomes a rent-a-million$-building
> office, it is time to shift priorities.
>
> If finding people who are competent enough to secure a payroll system for a
> company of 10 people is difficult, what makes you think that it's easy to find
> people who can secure the systems for a company of 1,000?
>
> As Stratfor has demonstrated, the talent pool of *really* competent security
> people is shallow enough that there's not even enough to secure the security
> companies. And it's not just Stratfor - when was the last time this list went a
> week without mocking a security company for its lack of clue? It's an industry-wide
> problem - there's a *severe* shortage of experts.
>
> And even though schools like DeVry and ITT are churning out lots of people with
> entry level certifications, I'm not at all sure that helps the situation - we
> end up with a lot of people who are entry level, and don't realize how much
> they don't know. That makes them almost more dangerous than not having anybody
> at all. Sort of like if you walk alone through a scary part of town, you
> actually stand a good chance because you *know* you're alone and will act
> accordingly - but if you have a bodyguard with you, you're likely to act
> differently, and end up totally screwed when you find out said bodyguard has a
> belt in martial arts, but zero experience in street fighting...
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> Perhaps these companies should try to hire the kids owning them instead
> of crying to the feds.
>
Why do you think that kiddies using tools like sqlmap would be able to
defend them from other kids?
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu