PaulDotCom mailing list archives

Not this crap again..


From: mike.mikemiller at gmail.com (Michael Miller)
Date: Tue, 15 Dec 2009 10:34:47 -0800

I would think people get complacent and then prevention fails.

-mmiller

-

On Mon, Dec 14, 2009 at 1:42 PM, Jason Wood <tadaka at gmail.com> wrote:
It reminded me of Richard Bejtlich's statement that "prevention eventually
fails". So do I go with Richard's outlook or Gregory's? Add in my own
experience in the land of reality and I'll stick with Richard's. ;-)



On Mon, Dec 14, 2009 at 1:37 PM, Michael Douglas <mick at pauldotcom.com>
wrote:

That comment "you can't ever fail" is part of the reason this guy is
such a jackhole. He's perpetuating very scary and damaging myths
about infosec.

-= Hey John Strand, your doctor told me to keep your blood from
boiling over so you might want to skip until you hit the next comment
marked like this =-
<The text below is encrypted with non-john-strand crypto. As long as
you're not John Strand this text appears like plain text... but it's
not. We here at PaulDotCom have special tech that allows for strange
things... in this case, John Strand will see nothing but gibberish, or
perhaps an in-depth review of a death metal band. He's never really
been clear about what he sees when presented with this sort of elite
crypto.>

Everyone makes mistakes. Systems fail, everything rots. Entropy will
triumph in the end. It all gets back to the concept of failing
gracefully. John's been harping this point over and over lately, and
it's apparent that "teh bestest haxor evarz" has somehow missed out on
these talks. It must be all the 15 minute training sessions. Those
add up on your time. (/me rolls his eyes)

DO NOT TELL JOHN THAT THE BEST HACKER ISN'T AWARE OF THIS. He might
flip out and maybe do something strange... no stranger than what he
normally does. Truth is, I don't like thinking about it. The longer
you stare at the Abyss the longer it stares back at you. ;-)

But you don't have to miss out like #1 super hacker has so far!
http://www.irongeek.com/i.php?page=videos/the-internet-is-evil-john-strand

-= John, you can return to the reading ;-) =-


Security Consultants are NOT responsible for the security of a
company. We're not. EVER! That belongs to management. Security
programs that fail are ones where they forget our responsibilities.
Our duties are to measure, report, and mitigate risks as directed by
management. Anytime we set ourselves out to do differently we're
drifting to Evans' style and that's something we certainly want to
discourage. Unless you want lumps of coal from Santa for some
reason...

- Mick


On Mon, Dec 14, 2009 at 1:27 PM, Jason Wood <tadaka at gmail.com> wrote:
I got a chuckle out of this line from the article.

"Drawbacks: Talk about stress. If a system is infiltrated by a virus or
hacker, it could mean lights out for the security consultant's career.
"This is a job you can't afford to ever fail in," says Evans."

What was funny to me was I remember a thread a while back where a lot of
us talked about getting into infosec **because** we got hacked. I suppose
I was just doing sysadmin work at the time, so you could point to that as
a reason why I've never had much career trouble. Still, I had to grin at
it.


Jason



On Mon, Dec 14, 2009 at 9:06 AM, Soft Reset <softreset64738 at gmail.com>
wrote:

Hmmm...I'm going out on a limb here, but I'm not seeing why he *is* a
fraud? I understand how this profile can portray us in a negative
light as people who see *us* may think we were once on the black-hat
side of things, but do you all think it's impossible for someone to
switch to the white-side?

Although to be honest, no, I wouldn't trust him. Convicted in 2002,
served 16 months means he was *probably* still in jail or just out when
he started his company in 2003. And "...that year, computer security
stores contracted to sell his cyber security software." So, in less than
a year of getting out of prison, he has a company and "computer security
stores" sold his software? WTF???

Ok, maybe I understand now...maybe it was just too early in the day.


On Mon, Dec 14, 2009 at 4:21 AM, John Strand <strandjs at gmail.com>
wrote:

Check it out:

http://money.cnn.com/magazines/moneymag/bestjobs/2009/snapshots/8.html

On the plus side. I think it is nice that we have some job
security...

On the downside.... Why did they have to go and find "The World's #1
Hacker?"

Now anyone that wants to get into this field thinks that all they need
is a CISSP and to be an asshat.

Wait..... That might be accurate.

John Strand
CISSP, GCIH, GCFW, ' or 1=1; --, Asshat
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com





--

irc: Tadaka
Twitter: Jason_Wood
jwnetworkconsulting.com



