Home page logo

basics logo Security Basics mailing list archives

Re: How hackers cause damage...
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 3 Mar 2006 00:02:05 +0100

On 2006-03-03 Craig Wright wrote:
In reply to Ansgar Wiechers
How do you propose to fix vendor issues.

Sue them. After all you paid them money.

So in cases where life has been lost, it is ok as long as there is
remedy in tort? The life is less important that the monetary cost?

That's pretty obvious, because if life was more important, measures
would have been taken *before* an incident could have happened, don't
you think?¹

So? Any connection can be secured. Lack of skills is no excuse
whatsoever as there are skilled people out there who can be hired.

Do you have the faintest idea of Risk. The cost of security is inverse
to the amount of security. You want 100% security you pay more than
the cost of the item to be secured. I suggest that you get a little
training on risk. Learn that there are financial costs to security.

Take your uppity and stick it where the sun doesn't shine, will ya? I
wasn't talking about achieving 100% security, but about moving away from
having 0% security at all. And I'm pretty sure my grasp on risk and
costs of security isn't that much worse than yours. However, I most
definitely do not share your opinion that there are too few clueful
people out there. It's just that there are too many clueless people.

[ Networks being insecure nowadays ]

Tell news. However, prosecuting people who exploit these insecurities
doesn't change anything about the vulnerabilities being there and also
doesn't change anything about people exploiting them. I said it before,
and I'm going to repeat it here because you obviously failed to get my

- I DO NOT believe that cluelessness should be protected by the law.
- I DO NOT believe that a law will prevent bad things from happening.
- I DO believe that proper security measures WILL prevent bad things
  from happening.

That suggests a certain course of action. IMnsHO.

Ansgar Wiechers

¹ sarcasm may be kept by the finder
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]