Date: Wed, 11 Jan 2012 12:40:33 -0500
From: Kyle Creyts <kyle.creyts@...il.com>
To: Laurelai <laurelai@...echan.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Rate Stratfor's Incident Response

I would also like to point out that "finding the bugs" is not the same as
"fixing the bugs," and that for all the focus that is placed on finding
them, and lauding the people that do, fixing them is usually pretty
thankless. I think shifting that dynamic would be more rewarding if
"advancing the state of the industry" is really what is valued.
On Jan 11, 2012 7:41 AM, "Laurelai" <laurelai@...echan.org> wrote:

> On 1/10/12 11:39 PM, Ian Hayes wrote:
> > On Tue, Jan 10, 2012 at 9:18 PM, Laurelai<laurelai@...echan.org> wrote:
> >> On 1/10/12 10:18 PM, Byron Sonne wrote:
> >>>> Don't piss off a talented adolescent with computer skills.
> >>> Amen! I love me some stylin' pwnage :)
> >>>
> >>> Whether they were skiddies or actual hackers, it's still amusing (and
> >>> frightening to some) that companies who really should know better, in
> >>> fact, don't.
> >>>
> >> And again, if companies hired these people, most of whom come from
> >> disadvantaged backgrounds and are self taught they wouldn't have as much
> >> a reason to be angry anymore. Most of them feel like they don't have any
> >> real opportunities for a career and they are often right.
> > [citation needed]
> >
> >> Microsoft hired some kid who hacked their network, it is a safe bet he
> >> isn't going to be causing any trouble anymore.
> > Are you proposing that we reward all such behavior with jobs? I've
> > always wanted to be a firefighter. Forget resumes, job applications
> > and interviews, I'm going to set people's houses on fire. By your
> > logic, an arsonist is not only the best person to combat other
> > arsonists, but due to his obviously unique insight into the nature of
> > fire, simply must know how best to fight a fire as opposed to someone
> > who went to school for years to learn the trade.
> >
> >> Talking about the trust issue, who
> >> would you trust more the person who has all the certs and experience
> >> that told you your network was safe or the 14 year old who proved him
> >> wrong?
> > This is asinine. WHY would I want to hire someone for a position of
> > trust that just committed a crime, or at the very least acted in an
> > unethical manner? More than anything, that person has proven that
> > while he *might* have the technical chops, he certainly lacks the
> > ethics and decision making skills to operate in the grown-up world.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> Because the ones with the so called ethics either lack the technical
> chops or lack the enthusiasm to find simple vulnerabilities. Not very
> ethical to take a huge paycheck and not do your job if you ask me.
