lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CABgXHn8=zHcwa0u7B9BcfhuOUXZ1_PPha+qc978P_U0_uw3hJw@mail.gmail.com>
Date: Wed, 11 Jan 2012 14:43:58 +0000
From: Dan Ballance <tzewang.dorje@...il.com>
To: Laurelai <laurelai@...echan.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Rate Stratfor's Incident Response

It was my assumption also - but are we sure this attack was through a
"trivial, well-known attack vector"?


On 11 January 2012 14:40, Laurelai <laurelai@...echan.org> wrote:
> On 1/11/12 8:39 AM, Ferenc Kovacs wrote:
>>
>>
>> Because the ones with the so called ethics either lack the technical
>> chops or lack the enthusiasm to find simple vulnerabilities. Not very
>> ethical to take a huge paycheck and not do your job if you ask me.
>>
>
> If the only thing missing to secure those systems was somebody being able to
> use sqlmap and xss-me, then that could be fixing without hiring people who
> already proved that they aren't trustworthy.
> from my experience, the lack of security comes from the management, you can
> save money on that (and qa) on the short run.
> so companies tend to hire QSA companies to buy the paper which says that
> they are good, when in fact they aren't.
> most of them don't wanna hear that they are vulnerable and take the risks
> too lightly.
> if they would take it-security seriously it simply couldn't be owned through
> trivial, well-known attack vectors.
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
>
> :D at least one person here gets it.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ