dmiessler.com | grep understanding
dmiessler.com/about/
This vérité action series follows Tiger Team – a group of elite professionals hired to infiltrate major business and corporate interests with the objective of exposing weaknesses in the world’s most sophisticated security systems, defeating criminals at their own game.
1 year ago
I'm an IT professional and see no security value in publicly exposing weaknesses in the world’s most sophisticated security systems. This is not defeating criminals at their own game. It used to be that one had to go to prison to be trained in crime. Just another tactic of spreading fear. There is no such thing as a foolproof cost effective security system. Fix this by enforcing and the law. If I want less hot water I simply turn a knob on my sink.
1 year ago
Jason,
The point here is pretty simple: if we don't check ourselves to see if we have weaknesses, someone else will. We should not simply wait to be attacked using various methods that we're too lazy to find ourselves.
Penetration testing is an excellent way to test mature security programs. It doesn't prove security, but if it uncovers something, that information is often invaluable.
1 year ago
I've done security audits. To get my point watch "Bowling for Columbine." Watch how the fear Americans feel due to what is programmed on TV for us is juxtaposed against Canadians' viewpoint on fear.
On a side note, I believe hackers who expose security holes publicly are wrong. Such exposures do not allow a vendor time to fix the problem before the exposed hack is likely used by the now informed public. The way I see it, the only right way to expose discovered security holes is to inform the vendor, period. Any further actions are only born from a desire for recognition. A fact on which IT vendors could capitalize.
1 year ago
On the disclosure point, that's generally accepted to be true. The only question is how long to give the vendor before going public.