OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [Full-disclosure] What do you guys think about it?

From: Christian Sciberras (uuf6429gmail.com)
Date: Sat May 29 2010 - 01:14:17 CDT


Of course it's boring, the days when one said "I've just found another 50
holes in MS's network stack" are all gone.

The thing is, you are either a security professional *testing products* or
you're just talking about security thinking you are one.
In the past all it took to "become a 'hacker'" was getting informed about
hacking techniques, finding some exploit (which was way more easy than
today) and finally someone calling you "hacker".

Mind you, many call me "hacker" seeing me using consoles but (irony irony)
I'm no [seasoned] hacker.

As a software developer, I still find certain security issues challenging.
Sure Mr Purser might find everything less exciting, but hey did you write
anything from scratch lately? What are you coding in, Javascript or JQuery
(as an example)?

My point is, frameworks and products address security issues themselves,
making it easier for end-developers to use. But a big time hacker like Mr
Purser finds it boring.

As of myself, I refrain from depending on frameworks for a single useful
feature, which means I have to write from scratch and study that feature,
making sure it is "safe".
And who knows, while at it I might notice a bu or two in the said
framework...

Regards,
Christian Sciberras

On Fri, May 28, 2010 at 9:42 PM, Thor (Hammer of God)
<Thorhammerofgod.com>wrote:

> Exactly.
>
> -----Original Message-----
> From: full-disclosure-bounceslists.grok.org.uk [mailto:
> full-disclosure-bounceslists.grok.org.uk] On Behalf Of Marsh Ray
> Sent: Friday, May 28, 2010 12:37 PM
> To: full-disclosurelists.grok.org.uk
> Subject: Re: [Full-disclosure] What do you guys think about it?
>
> On 5/28/2010 2:18 PM, Rafael Moraes wrote:
> > Read and give your opinion!
> >
> > http://www.networkworld.com/community/node/60303
>
> If he thinks security is boring problem solved by installing the latest
> plug-in appliance, I see he has two options:
>
> 1. Publicly issue a "hack me" challenge listing the names of his
> employers/clients. Extend a big middle finger to some organized
> international groups. That might make his job more interesting for a while.
>
> - or -
>
> B. Step aside and let somebody with energy and imagination have a turn.
>
> - Marsh
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/