Full Disclosure mailing list archives
Re: Fwd: Rate Stratfor's Incident Response
From: Laurelai <laurelai () oneechan org>
Date: Wed, 11 Jan 2012 08:40:30 -0600
On 1/11/12 8:39 AM, Ferenc Kovacs wrote:
Because the ones with the so called ethics either lack the technical chops or lack the enthusiasm to find simple vulnerabilities. Not very ethical to take a huge paycheck and not do your job if you ask me.If the only thing missing to secure those systems was somebody being able to use sqlmap and xss-me, then that could be fixing without hiring people who already proved that they aren't trustworthy. from my experience, the lack of security comes from the management, you can save money on that (and qa) on the short run. so companies tend to hire QSA companies to buy the paper which says that they are good, when in fact they aren't. most of them don't wanna hear that they are vulnerable and take the risks too lightly. if they would take it-security seriously it simply couldn't be owned through trivial, well-known attack vectors.-- Ferenc Kovács @Tyr43l - http://tyrael.hu
:D at least one person here gets it.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Fwd: Rate Stratfor's Incident Response, (continued)
- Message not available
- Re: Fwd: Rate Stratfor's Incident Response Laurelai (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Kyle Creyts (Jan 11)
- Re: Fwd: Rate Stratfor's Incident Response Laurelai (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response James Smith (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Laurelai (Jan 10)
- Re: Fwd: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 11)
- Re: Fwd: Rate Stratfor's Incident Response Ian Hayes (Jan 11)
- Re: Fwd: Rate Stratfor's Incident Response Laurelai (Jan 11)
- Re: Fwd: Rate Stratfor's Incident Response Ferenc Kovacs (Jan 11)
- Re: Fwd: Rate Stratfor's Incident Response Laurelai (Jan 11)
- Re: Fwd: Rate Stratfor's Incident Response Dan Ballance (Jan 12)
- Re: Fwd: Rate Stratfor's Incident Response Kyle Creyts (Jan 12)
- Re: Fwd: Rate Stratfor's Incident Response coderman (Jan 16)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 12)
- Re: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 12)
- Re: Rate Stratfor's Incident Response Laurelai (Jan 12)
- Re: Rate Stratfor's Incident Response Ian Hayes (Jan 12)
- Re: Rate Stratfor's Incident Response Laurelai (Jan 12)
- Re: Rate Stratfor's Incident Response Giles Coochey (Jan 12)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 12)