Full Disclosure mailing list archives
Re: [Full-Disclosure] Full-disclosure Posts
From: "backyard@yahoo-inc" <xploitable () gmail com>
Date: Sun, 17 Oct 2004 20:54:06 +0100
On Sun, 17 Oct 2004 12:34:33 -0500, Todd Towles <toddtowles () brookshires com> wrote:
I agree with your idea, but I am one of those uni graduate/20 something professionals. I am very passionate about my work and the security of the company I work for. I work in a rural state and the money isn't as high as some other places. I took a pay cut to work in the IT field when I finished college. Maybe you weren't talking about people like myself in your statement (since most people that are part of FD are here to be on the edge of security and around people that understand them) but it seemed like you were talking in pretty general terms....with that in mind I have to disagree with you that all the 20 something professionals are not good security professionals. A lot of the older folks are sitting in the corner talking about their 1980 modems, while some 15 year old from South America uses a three year old exploit on their misconfigured Apache webserver and defaces it. I agree that you have to love computers...you have to eat and sleep computers/security to be good in the field and a lot of people in the IT field aren't like that. Kinda sad, but I will have their job one day..so..I just smile.
My motivation is Yahoo.. these guys need to wake up more. Everything about them says they are out of touch with the threats of today. If you report X, they patch X, even if they know Y and Z are vulnerable, the apparent attitude is to leave Y and Z until they get reported or become an active problem, because they want to move onto the next reported vulnerability. From the idea I get, it's all about what looks good on paper and productivity. I mean, I bet Yahoo hand out most productive security employee of the month awards and stuff. It's all screwed up and wrong. My stance is.. Yahoo sack all the ones who are in it for the money, keep the employees who think like a hacker, then recruit some real life hackers from the underground. That combination is a winning security team, not the current team who in my opinion are out of touch and outdated for the threats of the 21st century.

As for misconfigured web servers with 3 year old exploit. Yahoo! don't even need exploits and misconfigured web servers. They do fine by cutting corners and taking short cuts in security. Half the network is vulnerable to all manner of stuff. In my opinion, the only threat to Yahoo are Yahoo themselves, not hackers.

Sorry to go on about Yahoo, but it's something I'm passionate about. Feel free to hit the block sender button, I fully understand. :-)