Firewall Wizards mailing list archives
Re: concerning ~el8 / project mayhem
From: Darren Reed <darrenr () reed wattle id au>
Date: Sun, 18 Aug 2002 17:25:05 +1000 (EST)
In some email I received from Marcus J. Ranum, sie wrote:
> Paul D. Robertson wrote:
> >> in the past. If you're a true white hat, you're not replete with hacking technique and you're not the kind of guy who can whip out a tool to crack into any website any time, or whatever. Unfortunately,
> > I'm not sure I totally agree with this premise- I think I could sit and find and code exploits on my test network if I had the time.
> That's not hacking technique, that's commonsense engineering.
I find a lot of IT is just "commonsense engineering", but how things go so wrong is a mystery. Well, I guess if you're forced to use broken tools, what can be expected but a misshapen result?
> I should have been more clear in my terminology: I meant that you don't need to run around with a big encrypted CDROM full of your toolz to be a security guru. You need to understand the forms and functions of categories of attacks so you can defend against them or design around them as _categories_ - having specific knowledge (or toolz) to break specific versions of software on specific architectures - that's just lame script-kid stuff. And there are a lot of "security analysts" whose level of expertise is more in the script kiddy vein than not. Perhaps we should call them "Scanner-kiddies"? ;)
Careful Marcus, it is starting to sound like you're justifying things like CISSP that teach you lots about nothing ;-) Maybe you should start offering courses in security and give out certificates titled MRCRISP (Marcus Ranum Certified Real Information Security Professional. :-)

"security analyst" is just a job title, nothing more, nothing less. To give you some idea of how worthless job titles are in IT, you have people calling themselves 'scientists' in the IT security industry when you're lucky if they have a bachelor's degree in anything and definitely not a Ph.D or anything you'd expect a *real* scientist in something like biochemistry to have. :-)

Darren