Full Disclosure mailing list archives
Re: [SD:jason.full-disclosure] RE: NASA.GOV SQL Injections
From: Jason Freidman <jason () compnski com>
Date: Fri, 17 Oct 2003 15:24:37 -0400
From my experience working at NASA (moffet field as an intern one summer) was that their IT department (in my building) was good at what they did but had a pretty restrictive security policy (which is a good thing i guess). So i would rate them as excellent although too restrictive. On Fri, 2003-10-17 at 14:03, Ron DuFresne wrote:
On Fri, 17 Oct 2003, Jonathan A. Zdziarski wrote:No offense meant to the fine IT people at NASA, but do you seriously believe that the one-percenters are securing the network? As opposed to say, figuring out how to land a rover on Mars, how to keep astronauts alive in space, how to overcome the long-term negative effects of zero gravity, etc., etc.???Maybe I'm not as familiar with NASA as others might be, but I would think NASA would try and hire the most gifted IT people they could find (e.g. the cream of the crop). Since I've never run into one, I can't prove this theory - I suppose it's possible they're all morons...but if I had the resources NASA has, there wouldn't be any idiots working for me. I wonder if their janitors require security clearance just to work there...if that's the case their IT people are most likely l33t.Of course, one might think the same thing about the FED gov and the various states govs. Untill one looks at pay rates, and how they compare to the private sector. And that pays little or no mind to the POLITICS in such places. One does not merely work in a gov related setting, one HAS to play a political tightrope walk, with less the proportional pay that private sector jobs provide. Thus, whne the OSB and GAO audits and their released findings that make it into the headlines and before congress now and then come as no surprise. I did an interesting article on the state of cyber security a year or so ago mentioning some of this for TISC Insight Newsletter, and a copy can be found at http://sysinfo.com/sec-state.html. C ourse, if anyone would like to hear the real nightmares of gov related work and the political BS that prevents real work from getting accomplished, I'll be happy to talk offline/offrecord. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ------------------------ Sent to jason.full-disclosure Edit forwarding: http://spamdam.compsnki.com//editemail.php?fid=32 Description: full disclosure maling list
-- Jason Freidman <jason () compnski com>
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: NASA.GOV SQL Injections, (continued)
- RE: NASA.GOV SQL Injections Russ Spooner (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- RE: NASA.GOV SQL Injections Russ Spooner (Oct 17)
- RE: NASA.GOV SQL Injections Schmehl, Paul L (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- RE: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- RE: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
- RE: NASA.GOV SQL Injections madsaxon (Oct 17)
- Re: NASA.GOV SQL Injections Gregory A. Gilliss (Oct 17)
- Re: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
- RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
- Re: [SD:jason.full-disclosure] RE: NASA.GOV SQL Injections Jason Freidman (Oct 17)
- Re: NASA.GOV SQL Injections Valdis . Kletnieks (Oct 18)
- Re: NASA.GOV SQL Injections Ron DuFresne (Oct 20)
- Re: NASA.GOV SQL Injections Exibar (Oct 17)
- RE: NASA.GOV SQL Injections Joe (Oct 18)
- Re: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 18)
- Re: NASA.GOV SQL Injections Paul Schmehl (Oct 18)
- Re: NASA.GOV SQL Injections Valdis . Kletnieks (Oct 19)
- Re: NASA.GOV SQL Injections Paul Schmehl (Oct 19)
- Re: NASA.GOV SQL Injections Valdis . Kletnieks (Oct 19)