Bugtraq mailing list archives
Re: Vulnerabilites in new laws on computer hacking
From: ArkanoiD <ark () eltex ru>
Date: Sun, 19 Feb 2006 16:19:27 +0300
nuqneH, Actually, both are quite useless and non-informative. (should i explain?) "fixing the holes" is, for my estimation, hardly more than 10% of computer security process. Thanks to stupid hollywood movies, customers are almost completely unaware of that :-( They still think a computer security expert is a person who performs attacks and provides a report if he succeeds. On Fri, Feb 17, 2006 at 12:43:49AM -0500, Seth Breidbart wrote:
"Marcus J. Ranum" <mjr () ranum com> wrote:If you're trying to understand the security properties of a system by breaking into it, you not producing valuable reports, anyhow. All you are doing is telling them where to put the next band-aid.I know of too many (more than none is too many) examples where a company went to a Big Consulting Firm and asked for a report on the security of their systems. Many tens of kilobucks later, they got a fancy bound report that said "we couldn't break in" followed by 200 pages of ass-covering by the consulting firm. Then they went to a real security expert, who spent one day attacking their system and gave them a report saying "here are the five easiest ways I found to break into your system. Fix them and call me back." You might not consider that valuable; but how do you consider the expensive fancy bound completely worthless report? Seth
Current thread:
- Re: Vulnerabilites in new laws on computer hacking, (continued)
- Re: Vulnerabilites in new laws on computer hacking Ansgar -59cobalt- Wiechers (Feb 24)
- Message not available
- Re: Vulnerabilites in new laws on computer hacking Ansgar -59cobalt- Wiechers (Feb 21)
- Re: Vulnerabilites in new laws on computer hacking Radoslav Dejanović (Feb 16)
- Re: Vulnerabilites in new laws on computer hacking Glynn Clements (Feb 16)
- Re: Vulnerabilites in new laws on computer hacking Jon Gucinski (Feb 18)
- Re: Vulnerabilites in new laws on computer hacking ArkanoiD (Feb 21)
- RE: Vulnerabilites in new laws on computer hacking Craig Wright (Feb 16)
- Message not available
- RE: Vulnerabilites in new laws on computer hacking Marcus J. Ranum (Feb 16)
- Re: Vulnerabilites in new laws on computer hacking dave (Feb 18)
- Re: Vulnerabilites in new laws on computer hacking Seth Breidbart (Feb 18)
- Re: Vulnerabilites in new laws on computer hacking ArkanoiD (Feb 21)
- Message not available
- Re: Vulnerabilites in new laws on computer hacking ArkanoiD (Feb 18)
- RE: Vulnerabilites in new laws on computer hacking Bigby Findrake (Feb 21)
- Re: Vulnerabilites in new laws on computer hacking Casper . Dik (Feb 24)
- Re: Vulnerabilites in new laws on computer hacking Jure Koren (Feb 26)
- Re: Vulnerabilites in new laws on computer hacking FocusHacks (Feb 21)