Full Disclosure mailing list archives
Re: Re: MS04-025 - Ignorance is truly bliss....
From: George Capehart <capegeo () opengroup org>
Date: Fri, 6 Aug 2004 11:48:48 -0400
On Thursday 05 August 2004 18:49, hellNbak allegedly wrote:
On Thu, 5 Aug 2004 someone pretending to have a nmrc email addy
wrote: <snip>
The only mistake you make above is that you paint the entire industry with the same brush. Yes, I and a lot of people make money in this industry. We took a hobby and made it a job -- why not? Why not get paid for something you enjoy? Working in this industry does not automatically make you a false prophet as you explain above. Over the long term -- no one will benefit -- and I don't care how big the paycheck is -- telling a client what they want to hear is not the way many of us choose to make a living. Sure, there are a lot of people in EVERY industry that are willing to push ethics aside and do what it takes for that paycheck but I know I can look myself in the mirror and say that I am not one of those people. Eventually the false prophets are exposed, sure they already got their paycheck and have moved on to the next sucker but eventually they run out of suckers and money.

What do you hope to achieve, or how do you believe your opinion is being relevant or novel, if you come to this audience, and state that CERT is no longer credible, and is a bunch of crooks who live off selling advance vulnerability warnings? Or that Microsoft is not exactly particularly devoted to improving security of their products and protecting their customers?

I hoped to stir some shit up, perhaps give the guys over at secure () microsoft com a bit of a kick in the nuts as there was a time that they were making at least a little progress. I was hoping to draw enough attention to this issue that perhaps someone from one of the major banks will one day sit down and correlate the connection between vulnerabilities such as this and losses due to fraud. The only way that any vendor is going to be forced to actually care about security and actually care about users is when those users mean lots of $$$ to them.
There just might be some hope . . . check out this white paper from PWC on "Integrity-Driven Performance."

http://www.cfodirect.com/cfopublic.nsf/f19696b6432afb8b8525690a000c9f67/86a39deb761f514d85256e3f00641442/$FILE/PWC_GRC_WP.pdf (URL might wrap). You can get it from Google if you search on pwc_grc_wp.pdf . . .

Cheers,

/g

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html