Dailydave mailing list archives

RE: Exactly 500 word essay on "Why hacking is cool, so that Marcus changes his web site"


From: "Hackling, Matthew (AU - Melbourne)" <mhackling () deloitte com au>
Date: Tue, 20 Sep 2005 09:22:02 +1000

Hacking is cool because it demonstrates security issues so that
management can see the impact and hence time and $ can be allocated so
the security issues can get fixed...

 

I was at a car manufacturer yesterday doing some Sarbanes-Oxley work
(yawn).  The client had an issue on their risk register that wasn't
planned to be closed off for a year that had resulted from the "SOX tick
n bash".

 

I pipe up, "you should really get that fixed, I used that flaw to hack
into a mortgage insurer last weekend".

 

Suddenly there's some action being taken.

 

So now I'm emailing their security manager screen captures of exploits
for 3 month old outstanding issues to give her the ammunition to get her
outsourcers to take action...

 

Until someone demonstrates that it's easy for someone to hack in and not
something that "propeller heads" only can do, no action gets taken.

 

Kind Regards,

Matthew Hackling B.Sc. (Security) CISSP
Client Manager
Security Services Group
Deloitte
Direct: +61 3 208 6610
Fax: +61 3 208 7001
Mobile: +61 402288599
mhackling () deloitte com au
www.deloitte.com.au

180 Lonsdale Street
Melbourne
Victoria


