Re: Absolute Sownage (A concise history of recent Sony hacks)

[mrx <mrx () propergander org uk>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/06/2011 12:24, coderman wrote:
> On Wed, Jun 15, 2011 at 9:16 AM,  <Valdis.Kletnieks () vt edu> wrote:
> > ...
> > And there's the flip side of it - there's some 140+ million .com's out there.
> > For the vast majority of them, covering the 95% is in fact sufficient, because
> > they are *so* small that it's probably safe to bet that everybody with actual
> > skillz is too busy hitting more valuable targets to bother whacking them.
>
> 140+ million .com's full of vuln. was this supposed to be a cheerful message?
>
> ~_~;

It really depends on the colour of your hat.

:-7


> > After all, how many black hats with skillz will spend 3-4 days figuring out
> > how to whack Billy Bob's Bait, Tackle and Cell Phones and make maybe a
> > few hundred dollars, when they can go whack something in the 95% range
> > in a short afternoon and make 10 times as much?
>
> i don't spell skillz  "C I S S P"
>   ... and respectable blackhats aren't paid hourly!
>
> (btw, it would take 5-15 minutes, cell phone resellers are great
> avenues into carrier networks, and you gotta bait your phishes,
> right?. perhaps you picked a poor example to prop up this whimsical
> hypothetical...)
>
>
>
> > Yes, you're still technically vulnerable, but at some point you really need
> > to give up the paranoia and get on with your actual business.
>
> basic competencies and practices are "paranoia" level precautions.
> this is what makes infosec great!
>
> however i agree with your premise. it's a business decision; nobody
> cares; and it's cheaper to fuck off now and repent later on the off
> chance (read: very slim chance) you lose your bet on the pwnies... and
> even then you're likely able to pass the buck off on the next vendor
> or provider - Get Out of Responsibility Free Card!
>
>
> now pardon me as i sate this urge to inebriate which you have
> masterfully instilled via discourse on the destitute digital denizens
> devoid of any desire to deliver themselves from the absurd theater
> that is "information security" and the prevalent lack thereof.
>   [can i buy whiskey with bitcoin yet?]
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


- -- 
Mankind's systems are white sticks tapping walls.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBTfnvabIvn8UFHWSmAQKBYwgA2No2sTTwyCwlnjGScrxvpCImJVRI0Yh7
wmHiLF49JMeyx5qMlptYzgRpFTxxk2tWg+o9YQ7VrfZ9LeYDuSCQY5epbLIIQbJ1
g2PGVxvR9h5JTu4Se//NbRFxa2WHJvwWLjNeGnYe5FBEj7ORlktJUI28yk5V3r6Y
71uSBk+t6Fbwtbq4Gc+jPzFamLTA54yu1g4Jbl6jyqufFt5YDxzADkWhS2ByKdcR
K1Q05KzOQ43T9BIIEDRJXAd1FgwYIajr3eXCTjmgpy+WknGH2D2FCjOx0N7Aam9N
NO+ajjQ0iIISD9Vq1PvOX0RjMU4xTTZeHY82cCWnNcT5jolKta9vAA==
=zh5y
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/