Re: [Full-Disclosure] Re: MS04-025 - Ignorance is truly bliss....
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Re: MS04-025 - Ignorance is truly bliss....
- From: George Capehart <capegeo@xxxxxxxxxxxxx>
- Date: Fri, 6 Aug 2004 11:48:48 -0400
On Thursday 05 August 2004 18:49, hellNbak allegedly wrote:
> On Thu, 5 Aug 2004 someone pretending to have a nmrc email addy wrote:
<snip>
>
> The only mistake you make above is that you paint the entire industry
> with the same brush. Yes, I and a lot of people make money in this
> industry. We took a hobby and made it a job -- why not? Why not get
> paid for something you enjoy. Working in this industry does not
> automatically make you a false profit as you explain above.
>
> Over the long term -- no one will benefit -- and I don't care how big
> the paycheck is -- telling a client what they want to hear is not the
> way many of us choose to make a living. Sure, there are a lot of
> people in EVERY industry that are willing to push ethics aside and do
> what it takes for that paycheck but I know I can look myself in the
> mirror and say that I am not one of those people.
>
> Eventually the false prophets are exposed, sure they already got
> their paycheck and have moved on to the next sucker but eventually
> they run out of suckers and money.
>
> > What do you hope to achieve, or how do you believe your opinion is
> > being relevant or novel, if you come to this audience, and state
> > that CERT is no longer credible, and is a bunch of crooks who live
> > off selling advance vulnerability warnings? Or that Microsoft is
> > not exactly particularly devoted to improving security of their
> > products and protecting their customers?
>
> I hoped to stir some shit up, perhaps give the guys over at
> secure@xxxxxxxxxxxxx a bit of a kick in the nuts as there was a time
> that they were making at least a little progress. I was hoping to
> draw enough attention to this issue that perhaps someone from one of
> the major banks will one day sit down and correlate the connection
> between vulnerabilities such as this and losses due to fraud. The
> only way that any vendor is going to be forced to actually care about
> security and actually care about users is when those users mean lots
> of $$$ to them.
There just might be some hope . . . check out this white paper from PWC
on "Integrity-Driven Performance."
http://www.cfodirect.com/cfopublic.nsf/f19696b6432afb8b8525690a000c9f67/86a39deb761f514d85256e3f00641442/$FILE/PWC_GRC_WP.pdf
(URL might wrap). You can get it from Google if you search on
pwc_grc_wp.pdf . . .
Cheers,
/g
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html