Date: Mon, 16 Jan 2012 12:46:43 -0800 (PST)
From: E M <erhard_m07@...oo.com>
To: "noloader@...il.com" <noloader@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Fwd: Rate Stratfor's Incident Response

I would say that we need both types: the skiddies and the others.
If you give the skiddies enough fun at work they won't do something beyond the scope.
But their scope should be: I have a site/system (of course, the test one, not the production one!), break it!
They do it without being evil, even if they break it... the job was to break it in the first place.

Then the other security guy should go to the management with the pwnd dummy database/data and show them how bad it would be if it was the real one, and how easily it could be done.
Maybe this way the management provides more funding to the security of the business.

So, yes, hire the skiddies, but keep the others too.



________________________________
 From: Jeffrey Walton <noloader@...il.com>
To: Laurelai <laurelai@...echan.org> 
Cc: full-disclosure@...ts.grok.org.uk 
Sent: Monday, January 16, 2012 9:58 PM
Subject: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
 
On Sat, Jan 7, 2012 at 6:03 PM, Laurelai <laurelai@...echan.org> wrote:
>
> Perhaps these companies should try to hire the kids owning them instead of
> crying to the feds.
Perhaps Stratfor's competition should hire them. Nothing new, there:
the Eastern Telegraph Company hired Nevil Maskelyne after he hacked
Marconi in 1903 during a demonstration of wireless telegraphy. [1]
(Wireless hacking since 1903!).

[1] http://www.newscientist.com/article/mg21228440.700-dotdashdiss-the-gentleman-hackers-1903-lulz.html.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/