Full Disclosure mailing list archives
Re: Making Security Suck Less
From: wac <waldoalvarez00 () gmail com>
Date: Thu, 23 Dec 2010 03:26:03 -0500
Aha, welcome to the world. It is broken and will likely keep that way for long. So do what i do... Adapt, take a seat, wear a green hat if you can and forget about the rest. They will not understand, nor they want to. Besides we would see a load of net admins loosing their jobs / companies filling bankruptcy if the model changes so... You know what.. Bertrand Russell said once: "Men who are unhappy, like men who sleep badly, are always proud of the fact." Sort like the old way of saying "don't worry be happy!" :D And I have serious doubts about that OSSTMM btw. On 12/16/10, Pete Herzog <lists () isecom org> wrote:
Hi, "Now not everything about the old security model is bad. Personally, I really like the Zen feel of it. It's like raking the fine, white, beach sand into those concentric lines and around rocks and dead fish and stuff. It's very Zen. Then as the tide rises, the wind blows, and Frisbees get badly thrown you have to do it all over again in a very Zen way like this: Install. Harden. Configure. Patch. Scan. Patch again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install. Configure. And then you do it all over again! With so much Zen practice it's hard not to become a Master of the security repeat cycle. But you know what else is Zen? NOT doing that. It's less stressful to maintain an existing balance between operations, limitations, and controls then running around and putting out fires." This is from my new article called, "Making Security Suck Less" you can read finished at: https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html There's some more, new articles reviewing the OSSTMM and the new security model at InfoSec Island here: https://www.infosecisland.com/osstmm.html Sincerely, -pete. -- Pete Herzog - Managing Director - pete () isecom org ISECOM - Institute for Security and Open Methodologies www.isecom.org - www.osstmm.org www.hackerhighschool.org - www.badpeopleproject.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Making Security Suck Less Pete Herzog (Dec 16)
- Re: Making Security Suck Less Christian Sciberras (Dec 16)
- Re: Making Security Suck Less Paul Schmehl (Dec 16)
- Re: Making Security Suck Less wac (Dec 23)
- Re: Making Security Suck Less Pete Herzog (Dec 23)
- Re: Making Security Suck Less Christian Sciberras (Dec 16)