lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CABgXHn98_Q0qo9LO5FLFPjxC4d0QWQND1nhSHDs5_mjocPG=Sw@mail.gmail.com>
Date: Thu, 16 Jan 2014 17:47:11 +0000
From: Dan Ballance <tzewang.dorje@...il.com>
To: Valdis Kletnieks <Valdis.Kletnieks@...edu>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: EE BrightBox router hacked - bares all if you
 ask nicely

What I don't understand about everyone's scepticism here is it seems like
nobody thinks security can be improved and that we shouldn't be shocked
when large corporations roll out hopelessly insecure kit. How do you think
we can best protect the consumer then?


On 16 January 2014 17:44, <Valdis.Kletnieks@...edu> wrote:

> On Thu, 16 Jan 2014 11:30:18 +0000, Dan Ballance said:
>
> > So your point is that there should be legislation to require companies to
> > adhere to certain security standards? I'd support that - particularly in
> an
> > ISP market which is clearly defined by national boundaries and law.
>
> OK.. What standard do you want to hoist as a legal mandate?
>
> Bonus points for finding a standard that provides enough *actual* security
> that it is worth doing, but yet won't bankrupt the industry.  Consider that
> of all the credit-card breaches we've seen so far this century, something
> outrageous like 97% of the victim companies had current audits that listed
> them as being 100% PCI compliant at the time of the incident.
>
> So how do you do it so it actually adds security, rather than just being
> a huge government-mandate money transfer to the auditing/certification
> groups involved?
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists