Re: [Full-disclosure] What do you guys think about it?



Of course it's boring, the days when one said "I've just found another 50
holes in MS's network stack" are all gone.

The thing is, you are either a security professional *testing products* or
you're just talking about security thinking you are one.
In the past all it took to "become a 'hacker'" was getting informed about
hacking techniques, finding some exploit (which was way more easy than
today) and finally someone calling you "hacker".

Mind you, many call me "hacker" seeing me using consoles but (irony irony)
I'm no [seasoned] hacker.

As a software developer, I still find certain security issues challenging.
Sure Mr Purser might find everything less exciting, but hey did you write
anything from scratch lately? What are you coding in, JavaScript or jQuery
(as an example)?

My point is, frameworks and products address security issues themselves,
making it easier for end-developers to use. But a big time hacker like Mr
Purser finds it boring.

As for myself, I refrain from depending on frameworks for a single useful
feature, which means I have to write from scratch and study that feature,
making sure it is "safe".
And who knows, while at it I might notice a bug or two in the said
framework...

Regards,
Christian Sciberras





On Fri, May 28, 2010 at 9:42 PM, Thor (Hammer of God)
<Thor@xxxxxxxxxxxxxxx> wrote:

Exactly.

-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:
full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Marsh Ray
Sent: Friday, May 28, 2010 12:37 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] What do you guys think about it?

On 5/28/2010 2:18 PM, Rafael Moraes wrote:
Read and give your opinion!

http://www.networkworld.com/community/node/60303

If he thinks security is a boring problem solved by installing the latest
plug-in appliance, I see he has two options:

1. Publicly issue a "hack me" challenge listing the names of his
employers/clients. Extend a big middle finger to some organized
international groups. That might make his job more interesting for a while.

- or -

B. Step aside and let somebody with energy and imagination have a turn.

- Marsh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
