Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response

[Dan Ballance <tzewang.dorje@xxxxxxxxx>]

It was my assumption also - but are we sure this attack was through a
"trivial, well-known attack vector"?


On 11 January 2012 14:40, Laurelai <laurelai@xxxxxxxxxxxx> wrote:
> On 1/11/12 8:39 AM, Ferenc Kovacs wrote:
>>
>>
>> Because the ones with the so called ethics either lack the technical
>> chops or lack the enthusiasm to find simple vulnerabilities. Not very
>> ethical to take a huge paycheck and not do your job if you ask me.
>>
>
> If the only thing missing to secure those systems was somebody being able to
> use sqlmap and xss-me, then that could be fixing without hiring people who
> already proved that they aren't trustworthy.
> from my experience, the lack of security comes from the management, you can
> save money on that (and qa) on the short run.
> so companies tend to hire QSA companies to buy the paper which says that
> they are good, when in fact they aren't.
> most of them don't wanna hear that they are vulnerable and take the risks
> too lightly.
> if they would take it-security seriously it simply couldn't be owned through
> trivial, well-known attack vectors.
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
>
> :D at least one person here gets it.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/