Re: [Full-Disclosure] RE: [Full-Disclosure]Open the doors to hell hire a hicker Full-Disclosure Posts
From: Kevin (KKadow_at_gmail.com)
Date: 10/19/04
- Previous message: Thierry Carrez: "[Full-Disclosure] [ GLSA 200410-16 ] PostgreSQL: Insecure temporary file use in make_oidjoins_check"
- In reply to: Clairmont, Jan M: "[Full-Disclosure] RE: [Full-Disclosure]Open the doors to hell hire a hicker Full-Disclosure Posts"
- Next in thread: Micheal Espinola Jr: "Re: [Full-Disclosure] RE: [Full-Disclosure]Open the doors to hell hire a hicker Full-Disclosure Posts"
- Reply: Micheal Espinola Jr: "Re: [Full-Disclosure] RE: [Full-Disclosure]Open the doors to hell hire a hicker Full-Disclosure Posts"
- Reply: Bart.Lansing_at_kohls.com: "Re: [Full-Disclosure] RE: [Full-Disclosure]Open the doors to hell hire a hicker Full-Disclosure Posts"
- Reply: Jesse Valentin: "Re: [Full-Disclosure] RE: [Full-Disclosure]Open the doors to hell hire a hicker Full-Disclosure Posts"
To: full-disclosure@lists.netsys.com
Date: Mon, 18 Oct 2004 17:38:18 -0500
On Mon, 18 Oct 2004 10:28:39 -0400, Clairmont, Jan M
<jan.m.clairmont@citigroup.com> wrote:
> Oh yeah and we can trust you bozos not to put in backdoors, sploits and other
> great modes of entry yeah right. 8->, Hire the burglar to secure your home,
> yeah right? Doh!
Just because J.Random Hacker starts out as an immature 17 year old
script kiddie breaking into random systems doesn't mean (assume he
avoids prison) he can't grow up to become a mature "security
professional" who knows how to follow a policy procedure, comply with
audit, and work a 9-to-5 job.

Scratch a thirty-something lead InfoSec consultant from any major
consulting firm (including the big four), and chances are you'll find
a "31337 Hax0r" from the 90's.

And this is excluding the obvious L0pht->@Stake->Symantec progression.

People mature over time, grow into a more "professional" attitude
without losing the inventiveness and insight that makes them
effective.
> Sheessh what a stupid idea?
>
> The whole point of hiring people who don't know much is that they follow
> a policy procedure and comply with audit, I have yet to see a H&ck3r follow any
> procedure. So how do you control anything such as policy etc, the wild west again?
> You hire professional security people to maintain control, not chaos, and find methodologies,
> procedures and products that are the most effective, test, re-test, remediate, deploy and defend.
> And that can be maintained and operated by ordinary computer folk, who want to do an honest day's
> work and collect their rightful pay, but maybe you never thought of that!
Sure, bean counters have their place too.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html