Security Basics mailing list archives
RE: How hackers cause damage...
From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 3 Mar 2006 11:34:12 +1100
Ansgar,

"Fire them and get someone who does. Again, contrary to your belief there are enough people who know (or can be trained to know) what to do. I don't believe things are so much worse in Australia than they are here in Germany."

***Prove it***. Show me the data. The evidence to support your claim. Explain how the over 2 billion hosts in the world can be secured with the number of people in the industry. Show some figures to demonstrate that there are enough people to cover off all companies let alone all organisations. Show me how the economic figures for ANY country could support this increase. The US is having enough issues with SOX compliance and this does NOT mean security.

I would love to be in a world where everything was secured, but I miss how this would be achievable at the moment. I see that a risk based approach is possible, but HOW do we achieve security everywhere?

Please Ansgar, I challenge you to supply any of these arguments with real data.

Craig

-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net]
Sent: 3 March 2006 11:08
To: Craig Wright
Subject: Re: How hackers cause damage...

On 2006-03-03 Craig Wright wrote:
That's pretty obvious, because if life was more important, measures would have been taken *before* an incident could have happened

Assuming all people know and understand IT let alone IT security. This is not the case. Even where there are clear lines of criminal responsibility for negligence - systems are not always secured.
I didn't say they were. I said they should be.
HIPAA in the US, NPP4 in Australia etc etc give provision for criminal responsibility for systems administrators who have failed to adequately secure systems, but this is of little comfort to the families of somebody who gets to sue them. Most of these people do not know what they have to do.
Fire them and get someone who does. Again, contrary to your belief there are enough people who know (or can be trained to know) what to do. I don't believe things are so much worse in Australia than they are here in Germany.
For all your belief Ansgar there are not enough *trained* and *experienced* security people to do everything. The opinion "It's just that there are too many clueless people." is true I am sorry to say. This is one of the flaws in your argument/thesis. There can not be both too many people who do not understand and also enough people to secure everything.
Why, of course there can. Having too many clueless people just means that you have a harder time finding a clueful one, not that there aren't enough clueful people.
PS Try not to get upset. You lose weight of argument to emotion.
I'm getting annoyed, not upset, because you seem to continually ignore most anything I'm saying. For one last time: why do you believe it would be helpful to prosecute the person that *exploited* a vulnerability rather than the person that *created* the vulnerability?

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq
Current thread:
- RE: How hackers cause damage... Craig Wright (Mar 03)
- Re: How hackers cause damage... Ansgar -59cobalt- Wiechers (Mar 03)
- <Possible follow-ups>
- RE: How hackers cause damage... Craig Wright (Mar 03)
- RE: How hackers cause damage... Craig Wright (Mar 06)