I would think people get complacent and then prevention fails. -mmiller
On Mon, Dec 14, 2009 at 1:42 PM, Jason Wood <[email protected]> wrote:
> It reminded me of Richard Bejtlich's statement that "prevention eventually
> fails". So do I go with Richard's outlook or Gregory's? Add in my own
> experience in the land of reality and I'll stick with Richard's. ;-)
>
> On Mon, Dec 14, 2009 at 1:37 PM, Michael Douglas <[email protected]>
> wrote:
>>
>> That comment "you can't ever fail" is part of the reason this guy is
>> such a jackhole. He's perpetuating very scary and damaging myths
>> about infosec.
>>
>> -= Hey John Strand, your doctor told me to keep your blood from
>> boiling over so you might want to skip until you hit the next comment
>> marked like this =-
>> <The text below is encrypted with non-john-strand crypto. As long as
>> you're not John Strand this text appears like plain text... but it's
>> not. We here at PaulDotCom have special tech that allows for strange
>> things... in this case, John Strand will see nothing but gibberish, or
>> perhaps an in-depth review of a death metal band. He's never really
>> been clear about what he sees when presented with this sort of elite
>> crypto.>
>>
>> Everyone makes mistakes. Systems fail, everything rots. Entropy will
>> triumph in the end. It all gets back to the concept of failing
>> gracefully. John's been harping this point over and over lately, and
>> it's apparent that "teh bestest haxor evarz" has somehow missed out on
>> these talks. It must be all the 15 minute training sessions. Those
>> add up on your time. (/me rolls his eyes)
>>
>> DO NOT TELL JOHN THAT THE BEST HACKER ISN'T AWARE OF THIS. He might
>> flip out and maybe do something strange... no stranger than what he
>> normally does. Truth is, I don't like thinking about it. The longer
>> you stare at the Abyss the longer it stares back at you. ;-)
>>
>> But you don't have to miss out like #1 super hacker has so far!
>> http://www.irongeek.com/i.php?page=videos/the-internet-is-evil-john-strand
>>
>> -= John, you can return to the reading ;-) =-
>>
>> Security Consultants are NOT responsible for the security of a
>> company. We're not. EVER! That belongs to management. Security
>> programs that fail are ones where they forget our responsibilities.
>> Our duties are to measure, report, and mitigate risks as directed to
>> from management. Anytime we set ourselves out to do differently we're
>> drifting to Evans' style and that's something we certainly want to
>> discourage. Unless you want lumps of coal from Santa for some
>> reason...
>>
>> - Mick
>>
>> On Mon, Dec 14, 2009 at 1:27 PM, Jason Wood <[email protected]> wrote:
>> > I got a chuckle out of this line from the article.
>> >
>> > "Drawbacks: Talk about stress. If a system is infiltrated by a virus or
>> > hacker, it could mean lights out for the security consultant's career.
>> > "This is a job you can't afford to ever fail in," says Evans."
>> >
>> > What was funny to me was I remember a thread a while back where a lot
>> > of us talked about getting into infosec **because** we got hacked. I
>> > suppose I was just doing sysadmin work at the time, so you could point
>> > to that as a reason why I've never had much career trouble. Still, I
>> > had to grin at it.
>> >
>> > Jason
>> >
>> > On Mon, Dec 14, 2009 at 9:06 AM, Soft Reset <[email protected]>
>> > wrote:
>> >>
>> >> Hmmm...I'm going out on a limb here, but I'm not seeing why he *is* a
>> >> fraud? I understand how this profile can portray us in a negative
>> >> light as people who see *us* may think we were once on the black-hat
>> >> side of things, but do you all think it's impossible for someone to
>> >> switch to the white-side?
>> >>
>> >> Although to be honest, no, I wouldn't trust him.
>> >> Convicted in 2002, served 16 months means he was *probably* still in
>> >> jail or just out when he started his company in 2003. And "...that
>> >> year, computer security stores contracted to sell his cyber security
>> >> software." So, in less than a year of getting out of prison, he has a
>> >> company and "computer security stores" sold his software? WTF???
>> >>
>> >> Ok, maybe I understand now...maybe it was just too early in the day.
>> >>
>> >> On Mon, Dec 14, 2009 at 4:21 AM, John Strand <[email protected]>
>> >> wrote:
>> >>>
>> >>> Check it out:
>> >>>
>> >>> http://money.cnn.com/magazines/moneymag/bestjobs/2009/snapshots/8.html
>> >>>
>> >>> On the plus side. I think it is nice that we have some job
>> >>> security...
>> >>>
>> >>> On the downside.... Why did they have to go and find "The World's #1
>> >>> Hacker?"
>> >>>
>> >>> Now anyone that wants to get into this field thinks that all they need
>> >>> is a CISSP and to be an asshat.
>> >>>
>> >>> Wait..... That might be accurate.
>> >>>
>> >>> John Strand
>> >>> CISSP, GCIH, GCFW, ' or 1=1; --, Asshat
>> >>> _______________________________________________
>> >>> Pauldotcom mailing list
>> >>> [email protected]
>> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> >>> Main Web Site: http://pauldotcom.com
>> >
>> > --
>> >
>> > irc: Tadaka
>> > Twitter: Jason_Wood
>> > jwnetworkconsulting.com
