Full Disclosure mailing list archives
(no subject)
From: full-disclosure () lists netsys com (Timothy J.Miller)
Date: Fri, 16 Aug 2002 11:55:40 -0500
On Friday, August 16, 2002, at 10:24 AM, Matthew Murphy wrote:

> We must direct our anger towards these losers at these losers. Anything else is an attack against our own values. While they claim to be hackers, their method of attack shows them to be nothing more than spoiled children. You can either fight them or give up, there's not an inch of middle ground. Are you up for it?

In some ways, I understand their ire. There are, within the "security industry" (whatever that means) people who-- intentionally or unintentionally-- sell their customers short. The people create a false aura of security wherever they pass, and are unwilling or incapable of expanding their capabilities. Scanning a network doesn't make it secure, but we've all run into people who think it does-- including people who should know better.

I've long advocated (and tried to design) systems (not just hardware, but software and business practices) that *fail well*. Systems designed not to be unbreakable-- a fool's pursuit, to be sure-- but to contain the inevitable breach. Systems that fail in known modes, so that the consequences of an intrusion are known ahead of time, and steps can be taken based on that knowledge. Systems that don't eliminate risk, but manage risk.

Unfortunately, most customers aren't interested because systems like this are expensive. They're hard to design, hard to build, hard to maintain, and require profound knowledge of the components and the activities that use them. It's a hard sell, especially when those less educated self-labeled experts (and vendors) are pushing silver bullets in the form of yet another certification, yet another scanner, yet another training course.

I could be wrong, but I see the current upwelling of vitriol directed at these people. They are truly living off the labor of others, and providing little of use to anyone, including their customers. But they're not everyone.

-- Cerebus