[Full-Disclosure] NASA.GOV SQL Injections
dufresne at winternet.com
Fri Oct 17 19:03:52 BST 2003
On Fri, 17 Oct 2003, Jonathan A. Zdziarski wrote:
> > No offense meant to the fine IT people at NASA, but do you seriously
> > believe that the one-percenters are securing the network? As opposed to
> > say, figuring out how to land a rover on Mars, how to keep astronauts
> > alive in space, how to overcome the long-term negative effects of zero
> > gravity, etc., etc.???
> Maybe I'm not as familiar with NASA as others might be, but I would
> think NASA would try and hire the most gifted IT people they could find
> (e.g. the cream of the crop). Since I've never run into one, I can't
> prove this theory - I suppose it's possible they're all morons...but if
> I had the resources NASA has, there wouldn't be any idiots working for
> I wonder if their janitors require security clearance just to work
> there...if that's the case their IT people are most likely l33t.
Of course, one might think the same thing about the FED gov and the
various states govs. Until one looks at pay rates, and how they compare
to the private sector. And that pays little or no mind to the POLITICS in
such places. One does not merely work in a gov related setting, one HAS
to play a political tightrope walk, with less the proportional pay that
private sector jobs provide. Thus, when the OSB and GAO audits and their
released findings that make it into the headlines and before congress now
and then come as no surprise. I did an interesting article on the state
of cyber security a year or so ago mentioning some of this for TISC
Insight Newsletter, and a copy can be found at
Course, if anyone would like to hear the real nightmares of gov related
work and the political BS that prevents real work from getting
accomplished, I'll be happy to talk offline/offrecord.
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Full-Disclosure is hosted and sponsored by Secunia.