Network Security: Detailed info on Re: Vulnerabilites in new laws on computer hacking

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: Vulnerabilites in new laws on computer hacking

from [Seth Breidbart] Network Security

[Permanent Link]

Subject:	Re: Vulnerabilites in new laws on computer hacking
Date:	Fri, 17 Feb 2006 00:43:49 -0500 (EST)

"Marcus J. Ranum" <mjr@ranum.com> wrote:

If you're trying to understand the security properties of a
system by breaking into it, you not producing valuable
reports, anyhow. All you are doing is telling them where
to put the next band-aid.


I know of too many (more than none is too many) examples where a
company went to a Big Consulting Firm and asked for a report on the
security of their systems.  Many tens of kilobucks later, they got a
fancy bound report that said "we couldn't break in" followed by 200
pages of ass-covering by the consulting firm.  Then they went to a
real security expert, who spent one day attacking their system and
gave them a report saying "here are the five easiest ways I found to
break into your system.  Fix them and call me back."

You might not consider that valuable; but how do you consider the
expensive fancy bound completely worthless report?

Seth

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Vulnerabilites in new laws on computer hacking, (continued) Re: Vulnerabilites in new laws on computer hacking, Radoslav Dejanović Re: Vulnerabilites in new laws on computer hacking, Max Ashton Re: Vulnerabilites in new laws on computer hacking, Sysmin Sys73m47ic Re: Vulnerabilites in new laws on computer hacking, Radoslav DejanoviÄ Re: Vulnerabilites in new laws on computer hacking, Glynn Clements Re: Vulnerabilites in new laws on computer hacking, Jon Gucinski Re: Vulnerabilites in new laws on computer hacking, ArkanoiD RE: Vulnerabilites in new laws on computer hacking, Craig Wright Message not available RE: Vulnerabilites in new laws on computer hacking, Marcus J. Ranum Re: Vulnerabilites in new laws on computer hacking, dave Re: Vulnerabilites in new laws on computer hacking, Seth Breidbart <= Re: Vulnerabilites in new laws on computer hacking, ArkanoiD Re: Vulnerabilites in new laws on computer hacking, ArkanoiD RE: Vulnerabilites in new laws on computer hacking, Anthony Cicalla RE: Vulnerabilites in new laws on computer hacking, Bigby Findrake Re: Vulnerabilites in new laws on computer hacking, Casper . Dik Re: Vulnerabilites in new laws on computer hacking, Jure Koren Re: Vulnerabilites in new laws on computer hacking, FocusHacks RE: Vulnerabilites in new laws on computer hacking, Craig Wright RE: Vulnerabilites in new laws on computer hacking, Benson, Sean M RE: Vulnerabilites in new laws on computer hacking, Craig Wright

Previous by Date:	Re: Vulnerabilites in new laws on computer hacking, dave
Next by Date:	Re: Vulnerabilites in new laws on computer hacking, ArkanoiD
Previous by Thread:	Re: Vulnerabilites in new laws on computer hacking, dave
Next by Thread:	Re: Vulnerabilites in new laws on computer hacking, ArkanoiD
Indexes:	[Date] [Thread] [Top] [All Lists]