|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Extreme Hacking
Budke (budke
panix.com)
Mon, 12 Jul 1999 17:18:25 -0400
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Andrew J. Luca: "RE: High availability"
- Previous message: Craig H. Rowland: "Re: Extreme Hacking"
- Next in thread: Dick Brooks: "Re: Extreme Hacking"
- Maybe reply: Dick Brooks: "Re: Extreme Hacking"
- Maybe reply: arkeltex.ru: "Re: Extreme Hacking"
- Maybe reply: Ryan Russell: "Re: Extreme Hacking"
- Maybe reply: sean.kellylanston.com: "RE: Extreme Hacking"
- Maybe reply: Frank W. Keeney: "RE: Extreme Hacking"
- Maybe reply: Matt McClung: "Re: Extreme Hacking"
- Maybe reply: LeGrow, Matt: "RE: Extreme Hacking"
- Maybe reply: sean.kellylanston.com: "RE: Extreme Hacking"
- Maybe reply: Chris St.Clair: "Re: Extreme Hacking"
- Maybe reply: sean.kellylanston.com: "RE: Extreme Hacking"
- Maybe reply: Alan Lustiger: "Re: Extreme Hacking"
- Maybe reply: Dwcprideaol.com: "Re: Extreme Hacking"
There are a couple benefits to the "ethical hacking" process.
a) Because of the recent press on hacking, it is somewhat buzzword
compliant, and it will get the attention of the C*Os
b) it is very cost prohibitive to do security reviews on all systems in a
network and in most network settings, there is a level of commonality of
trust amongst the environment. If you break the weak link, the rest often
fall like dominos.
For B, who's network doesn't have users that have the same password across
boxes. How many people do you think install all the latest patches as soon
as they are released. In many cases because of change-control procedures
they can't. In most cases, no one pays attention.
To say something in a slightly different way than Marcus was saying it, the
security problems are ultimately a social problem. If you fix that the
majority of security problems will go away. For the people with the right
funding, they will probably still be able to find a way into your
systems. But the easiest way to get info out of a company still remains
picking up the phone or walking in there. The need for a computer is rarely
there. It is just more glamorous.
- Next message: Andrew J. Luca: "RE: High availability"
- Previous message: Craig H. Rowland: "Re: Extreme Hacking"
- Next in thread: Dick Brooks: "Re: Extreme Hacking"
- Maybe reply: Dick Brooks: "Re: Extreme Hacking"
- Maybe reply: arkeltex.ru: "Re: Extreme Hacking"
- Maybe reply: Ryan Russell: "Re: Extreme Hacking"
- Maybe reply: sean.kellylanston.com: "RE: Extreme Hacking"
- Maybe reply: Frank W. Keeney: "RE: Extreme Hacking"
- Maybe reply: Matt McClung: "Re: Extreme Hacking"
- Maybe reply: LeGrow, Matt: "RE: Extreme Hacking"
- Maybe reply: sean.kellylanston.com: "RE: Extreme Hacking"
- Maybe reply: Chris St.Clair: "Re: Extreme Hacking"
- Maybe reply: sean.kellylanston.com: "RE: Extreme Hacking"
- Maybe reply: Alan Lustiger: "Re: Extreme Hacking"
- Maybe reply: Dwcprideaol.com: "Re: Extreme Hacking"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:03 CDT