[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response

To: Laurelai <laurelai@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
From: Ferenc Kovacs <tyra3l@xxxxxxxxx>
Date: Sun, 8 Jan 2012 00:31:39 +0100

On Sun, Jan 8, 2012 at 12:03 AM, Laurelai <laurelai@xxxxxxxxxxxx> wrote:

>  On 1/7/12 3:50 PM, Valdis.Kletnieks@xxxxxx wrote:
>
> On Sat, 07 Jan 2012 16:25:35 EST, Shyaam Sundhar said:
>
>
>  Although, once they have gained popularity and to a stage where a garage
> office becomes a shop floor and a @home biz becomes a rent-a-million$-building
> office, it is time to shift priorities.
>
>  If finding people who are competent enough to secure a payroll system for a
> company of 10 people is difficult, what makes you think that it's easy to find
> people who can secure the systems for a company of 1,000?
>
> As Stratfor has demonstrated, the talent pool of *really* competent security
> people is shallow enough that there's not even enough to secure the security
> companies. And it's not just Stratfor - when was the last time this list went 
> a
> week without mocking a security company for its lack of clue?  It's an 
> industry-wide
> problem - there's a *severe* shortage of experts.
>
> And even though schools like DeVry and ITT are churning out lots of people 
> with
> entry level certifications, I'm not at all sure that helps the situation - we
> end up with a lot of people who are entry level, and don't realize how much
> they don't know. That makes them almost more dangerous than not having anybody
> at all. Sort of like if you walk alone through a scary part of town, you
> actually stand a good chance because you *know* you're alone and will act
> accordingly - but if you have a bodyguard with you, you're likely to act
> differently, and end up totally screwed when you find out said bodyguard has a
> belt in martial arts, but zero experience in street fighting...
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>  Perhaps these companies should try to hire the kids owning them instead
> of crying to the feds.
>

why do you think that kiddies using tools like sqlmap would be able to
defend them from other kids?


-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Laurelai

References:
- [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Ed Carp
- Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Jeffrey Walton
- Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Ferenc Kovacs
- Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Shyaam Sundhar
- Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Shyaam Sundhar
- Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Laurelai

Prev by Date: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
Next by Date: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
Previous by thread: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
Next by thread: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
Index(es):
- Date
- Thread