Full Disclosure mailing list archives
Re: [SPAM] Re: [Full-Disclosure] Full-disclosure Posts
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 18 Oct 2004 07:23:56 +0200 (CEST)
On Sun, 17 Oct 2004, yahoo@localhost wrote:

> On Sat, 16 Oct 2004 19:13:18 -0700, Etaoin Shrdlu <shrdlu () deaddrop org> wrote:
>
> > Of course, anyone still using the term "hax0r" as though it were meaningful might want to think further about what a "security professional" might be
>
> A security professional is someone who cares more about money than the real issue of security at where they work. They don't go the extra mile for the interests of security at where they work, as they don't want to risk the job they're in.
>
> My view is corporations should not employ uni graduates and thirty-somethings to work in a security team. They very likely still can't open a can of beans and certainly have no idea about the real issues which face them. They follow company policy and go home at the end of the day, and switch off. The people who should be working at a security team should be volunteers who have the real interests of the company in mind, instead of money.
>
> The security professional as we know it (uni graduate and 30 something) is not a hax0r, they are Ph.D. or whatever who are skilled on an academic level, and that's as far as it goes, which in my opinion isn't far enough. Being a security professional is meant to be about passion, strictly not money, in my humble opinion. Stop employing academics and get the hackers in to do the job properly, unpaid of course, at least to start off with, to make sure they're joining the company for the right reasons. ;-)
Companies do not care about security. The CEO only works with numbers. If bad security loses 100k per month but tightening things up loses 105k per month on productivity they take the 5k per month profit regardless of who is doing security and leave it open.

It has very little to do with attitude on the security staff. If you want to work corporate you need to understand corporate thinking.

Taking simple countermeasures to prevent damage from things like a Slammer Worm are laughed at until they get hit and lose 2 days' worth of business. Then they start screaming to get it installed yesterday.

You do not have to like it but that is the sad state we are in.

Hugo.

--
I hate duplicates. Just reply to the relevant mailinglist.
hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians, for they are subtle and quick to anger.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html