-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So the other thing that became obvious is that we are completely wasting our time having law enforcement track down people who steal credit cards numbers. There's no reason a credit card number should be valid for anything but a single transaction, but the banks for some reason don't want to redo their systems.
So instead, the US Govt subsidizes them and spends all their time hunting down the thousands of people involved in credit card theft, which accomplishes exactly nothing. Honestly, they have better things to do, imo. For every "BadB" caught, five more are in line to do exactly the same thing. Meanwhile, the number of days a credit card can be in use before it gets compromised by a hacker is approximately one. What's wrong with this picture? - -dave Dave Aitel wrote: > So I was at a meeting last week, and one of the high ranking members > said something like this, which I'm sure you've heard before: > > Member: We've improved our communications by setting up this great > website! It allows us to communicate all our super-important and > highly confidential information. We had a marketing team put it > together so it looks really professional and nice and is easy to use. > We think this will really help our mission. Oh, and we had a friend of > a friend do a quick free security scan for us, so it's secure too. > > So here's my simple and 100% accurate metric: If you spent more on > your GUI than on your security, you don't have a secure application. > Start preparing for the PR fallout of your website getting hacked now. > > > -dave > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave - -- INFILTRATE 2011 - April 16-17th The world's first and best offensive information security conference Call +1-786-220-0600 to sign up today! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAk1TCmYACgkQtehAhL0gheoe9ACeJX7F3THnkekbvmpLekJCwp5F WewAn3i0t1VK/bZgmNI45kuj3GKSEQn1 =v1a4 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
