Full Disclosure mailing list archives
Re: Fwd: Rate Stratfor's Incident Response
From: Shyaam Sundhar <shyaam () gmail com>
Date: Sat, 7 Jan 2012 19:03:32 -0500
I would agree to every response in this chain of emails. Reason: there is no 1 perfect solution. There is no one single mindset that can protect against everything that people are facing these days. Blended attacks and threats make things complicated. Defense is not as simple as said when it is attempted to be put into works and there cannot be 1 perfect solution that secures everything either.
Thank you.
Shyaam
On Jan 7, 2012, at 6:37 PM, Laurelai <laurelai () oneechan org> wrote:
On 1/7/12 5:31 PM, Ferenc Kovacs wrote:
On Sun, Jan 8, 2012 at 12:03 AM, Laurelai <laurelai () oneechan org> wrote:
On 1/7/12 3:50 PM, Valdis.Kletnieks () vt edu wrote:
On Sat, 07 Jan 2012 16:25:35 EST, Shyaam Sundhar said:
Although, once they have gained popularity and to a stage where a garage office becomes a shop floor and a @home biz becomes a rent-a-million$-building office, it is time to shift priorities.
If finding people who are competent enough to secure a payroll system for a company of 10 people is difficult, what makes you think that it's easy to find people who can secure the systems for a company of 1,000? As Stratfor has demonstrated, the talent pool of *really* competent security people is shallow enough that there's not even enough to secure the security companies. And it's not just Stratfor - when was the last time this list went a week without mocking a security company for its lack of clue? It's an industry-wide problem - there's a *severe* shortage of experts. And even though schools like DeVry and ITT are churning out lots of people with entry level certifications, I'm not at all sure that helps the situation - we end up with a lot of people who are entry level, and don't realize how much they don't know. That makes them almost more dangerous than not having anybody at all. Sort of like if you walk alone through a scary part of town, you actually stand a good chance because you *know* you're alone and will act accordingly - but if you have a bodyguard with you, you're likely to act differently, and end up totally screwed when you find out said bodyguard has a belt in martial arts, but zero experience in street fighting...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Perhaps these companies should try to hire the kids owning them instead of crying to the feds.
why do you think that kiddies using tools like sqlmap would be able to defend them from other kids?
--
Ferenc Kovács @Tyr43l - http://tyrael.hu
Because they pay the kids to own them in a safe manner to show that their so-called experts are full of shit, then they fire said experts and hire competent people, saving time, money and resources. Try and remember the guys with the certs are the ones getting owned by the skiddies with sqlmap, so that should show you how broken the infosec industry is. Want to fix it? Start by hiring the skids, because they are still more competent than the guys they are owning. If that one gets owned you hire the guy who owned him, etc... until you actually have to know what the hell you're doing to be in infosec. Use a Darwinian approach to the industry.