Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE v

from [Gunnar Peterson] Network Security [Permanent Link]
Subject: [Full-disclosure] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code
Date: Wed, 29 Mar 2006 06:52:10 -0600
This comes back to that great concept called 'Faith-based' Security (see Gunnar Peterson's post http://1raindrop.typepad.com/1_raindrop/ 2005/11/net_and_java_fa.html ), which is when people are told so many times that something is secure, that that they believe that it MUST be secure. Some examples: 

This is also neatly summarized by Brian Snow thusly:

We will be in a truly dangerous stance: we will think we are secure (and act accordingly) when in fact we are not secure.

-gp

1. Notes and links on "We Need Assurance!" paper
http://1raindrop.typepad.com/1_raindrop/2005/12/the_road_to_ass.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SF new interview announcement: Open source security testing methodology, Andrew van der Stock
Next by Date:  RE: [Full-disclosure] Java integer overflows (was: a really long topic), Tim Hollebeek
Previous by Thread:  [Full-disclosure] RE: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Eric Swanson
Next by Thread:  Announcement: The Web Hacking Incidents Database, contact
Indexes:  [Date] [Thread] [Top] [All Lists]