Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: What do you guys think about it?
From: Christian Sciberras <uuf6429 () gmail com>
Date: Sat, 29 May 2010 08:14:17 +0200

Of course it's boring, the days when one said "I've just found another 50
holes in MS's network stack" are all gone.

The thing is, you are either a security professional *testing products* or
you're just talking about security thinking you are one.
In the past all it took to "become a 'hacker'" was getting informed about
hacking techniques, finding some exploit (which was way more easy than
today) and finally someone calling you "hacker".

Mind you, many call me "hacker" seeing me using consoles but (irony irony)
I'm no [seasoned] hacker.

As a software developer, I still find certain security issues challenging.
Sure Mr Purser might find everything less exciting, but hey did you write
anything from scratch lately? What are you coding in, Javascript or JQuery
(as an example)?

My point is, frameworks and products address security issues themselves,
making it easier for end-developers to use. But a big time hacker like Mr
Purser finds it boring.

As of myself, I refrain from depending on frameworks for a single useful
feature, which means I have to write from scratch and study that feature,
making sure it is "safe".
And who knows, while at it I might notice a bu or two in the said
framework...

Regards,
Christian Sciberras





On Fri, May 28, 2010 at 9:42 PM, Thor (Hammer of God)
<Thor () hammerofgod com>wrote:

Exactly.

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:
full-disclosure-bounces () lists grok org uk] On Behalf Of Marsh Ray
Sent: Friday, May 28, 2010 12:37 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] What do you guys think about it?

On 5/28/2010 2:18 PM, Rafael Moraes wrote:
Read and give your opinion!

http://www.networkworld.com/community/node/60303

If he thinks security is boring problem solved by installing the latest
plug-in appliance, I see he has two options:

1. Publicly issue a "hack me" challenge listing the names of his
employers/clients. Extend a big middle finger to some organized
international groups. That might make his job more interesting for a while.

- or -

B. Step aside and let somebody with energy and imagination have a turn.

- Marsh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault