Re: [Full-disclosure] Remote Desktop Command Fixation Attacks



I guess there's some logic in spreading FUD about security in depth
not working. It might be a nice way to scare potential customers
who don't know much about security into whatever services
Gnucitizen team sells. However, these kinds of tricks
simply won't work with any seasoned security professional.
It'll actually backfire if you are not careful... because you
won't be taken seriously in the industry. I'm pretty sure
Pdp's rating in the books of many security professionals
went down quite a few notches :-) It's a small world...
and most likely it'll affect your and your company's
future... because you'll need to do business with
people like Thor (who gave a great and very logical
description with proper supporting examples of what
security in depth is and what it's meant to do).
The chances are that they'll simply choose to work
with someone else... who better understands the big
picture in security :-)

CQ
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
