[Full-Disclosure] Re: MS04-025 - Ignorance is truly bliss....
capegeo at opengroup.org
Fri Aug 6 16:48:48 BST 2004
On Thursday 05 August 2004 18:49, hellNbak allegedly wrote:
> On Thu, 5 Aug 2004 someone pretending to have a nmrc email addy
> The only mistake you make above is that you paint the entire industry
> with the same brush. Yes, I and a lot of people make money in this
> industry. We took a hobby and made it a job -- why not? Why not get
> paid for something you enjoy? Working in this industry does not
> automatically make you a false profit as you explain above.
> Over the long term -- no one will benefit -- and I don't care how big
> the paycheck is -- telling a client what they want to hear is not the
> way many of us choose to make a living. Sure, there are a lot of
> people in EVERY industry that are willing to push ethics aside and do
> what it takes for that paycheck but I know I can look myself in the
> mirror and say that I am not one of those people.
> Eventually the false prophets are exposed, sure they already got
> their paycheck and have moved on to the next sucker but eventually
> they run out of suckers and money.
> > What do you hope to achieve, or how do you believe your opinion is
> > being relevant or novel, if you come to this audience, and state
> > that CERT is no longer credible, and is a bunch of crooks who live
> > off selling advance vulnerability warnings? Or that Microsoft is
> > not exactly particularly devoted to improving security of their
> > products and protecting their customers?
> I hoped to stir some shit up, perhaps give the guys over at
> secure at microsoft.com a bit of a kick in the nuts as there was a time
> that they were making at least a little progress. I was hoping to
> draw enough attention to this issue that perhaps someone from one of
> the major banks will one day sit down and correlate the connection
> between vulnerabilities such as this and losses due to fraud. The
> only way that any vendor is going to be forced to actually care about
> security and actually care about users is when those users mean lots
> of $$$ to them.
There just might be some hope . . . check out this white paper from PWC
on "Integrity-Driven Performance."
(URL might wrap). You can get it from Google if you search on
pwc_grc_wp.pdf . . .
Full-Disclosure is hosted and sponsored by Secunia.