[Full-disclosure] Absolute Sownage (A concise history of recent Sony hacks)
mrx at propergander.org.uk
Thu Jun 16 12:56:25 BST 2011
On 16/06/2011 12:24, coderman wrote:
> On Wed, Jun 15, 2011 at 9:16 AM, <Valdis.Kletnieks at vt.edu> wrote:
>> And there's the flip side of it - there's some 140+ million .com's out there.
>> For the vast majority of them, covering the 95% is in fact sufficient, because
>> they are *so* small that it's probably safe to bet that everybody with actual
>> skillz is too busy hitting more valuable targets to bother whacking them.
> 140+ million .com's full of vuln. was this supposed to be a cheerful message?
It really depends on the colour of your hat.
>> After all, how many black hats with skillz will spend 3-4 days figuring out
>> how to whack Billy Bob's Bait, Tackle and Cell Phones and make maybe a
>> few hundred dollars, when they can go whack something in the 95% range
>> in a short afternoon and make 10 times as much?
> i don't spell skillz "C I S S P"
> ... and respectable blackhats aren't paid hourly!
> (btw, it would take 5-15 minutes, cell phone resellers are great
> avenues into carrier networks, and you gotta bait your phishes,
> right? perhaps you picked a poor example to prop up this whimsical
>> Yes, you're still technically vulnerable, but at some point you really need
>> to give up the paranoia and get on with your actual business.
> basic competencies and practices are "paranoia" level precautions.
> this is what makes infosec great!
> however i agree with your premise. it's a business decision; nobody
> cares; and it's cheaper to fuck off now and repent later on the off
> chance (read: very slim chance) you lose your bet on the pwnies... and
> even then you're likely able to pass the buck off on the next vendor
> or provider - Get Out of Responsibility Free Card!
> now pardon me as i sate this urge to inebriate which you have
> masterfully instilled via discourse on the destitute digital denizens
> devoid of any desire to deliver themselves from the absurd theater
> that is "information security" and the prevalent lack thereof.
> [can i buy whiskey with bitcoin yet?]
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Mankind's systems are white sticks tapping walls.