[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] infosec rot (was Re: Gomez eats the weak)
- To: ichib0d crane <themadichib0d@xxxxxxxxx>
- Subject: [Full-disclosure] infosec rot (was Re: Gomez eats the weak)
- From: coderman <coderman@xxxxxxxxx>
- Date: Sun, 24 Apr 2011 20:32:49 -0700
On Sat, Apr 23, 2011 at 9:00 AM, ichib0d crane <themadichib0d@xxxxxxxxx> wrote:
> lol someone who thinks he is original because he is stating things
> that pretty much everyone knows, or at least traces of which may be
> true enough to be known.
poor kid probably bought into degrees and/or certs, got all hyped up on infosec,
only to find a shitty industry behind the curtain...
> Of course no one but your peers give a crap about what you do, guess
> what? No one but those in the immediate peer group of an architect or
> a subway employee cares about what they do either.
those who seek attention rarely deserve it; this is a feature, not a bug.
hollywood and politics are for those with external loci of identity...
> Of course some moonlight as blackhats, guess what? Some 'anti-man'
> blackhats daylight as paper pushers.
solid ethical reasoning: not taught in school and virtue
unappreciated. this happens in every industry, though infosec loves to
eat its own.
> Of course the government lures the brightest minds to work for them
> and develop exploits for *insert cause here*.
keeping up with the joneses. dozens of state sponsored "cyber"
programs across the globe and counting. what a gold rush!
> Of course most pen-tester's post-exploitation skills suck.
not to mention this only comes into play when an attack is actually
detected. most last way too long, sometimes months/years! before
identified.
> Valdis is right, you must be new here if you think that stating
> obvious facts make you seem smart.
sounds more like frustration and disillusionment.
let me help with that. you forgot to mention the industry charlatans,
the media whores, the pervasive apathy around security processes and
posture in general, save for those brief moments of post-pwning
introspection with fervent commitment to "do better" that lasts about
as long as a new year's resolution.
and development practices, i can't even begin. governments and
megacorps alike keep fucking up the simple stuff, over and over.
whether it's laughable crypto cock-ups, or hilarious insecure
oversights from 90's back like a bad fad in your console and smart
phone, or the security products and vendors getting ravaged themselves
and providing vectors to customers through their softwares (and you're
paying for the privilege!)...
i could on, but i'll haiku instead:
infosec despair
laziness, incompetence
here. there. everywhere.
pwnies on rampage
cyberwar and A. P. T.
thieves, spies, good guys - who?
downhill since '93
onward indefinitely
band-aids but no cure
what is it good for?
lush lucre and free passes
on backs of masses
they're fleecing all
nations, corps, orgs big and small
reparations null
infosec should be?
no. build in security!
existential angst
[to be, or not to be...]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/