I think his point is more that no matter how vigilant you are and what defenses you have in place, someone is more clever than you and will get you. But yes, in a practical sense complacency (or just spreading people too thin) will get you first.

On Tue, Dec 15, 2009 at 11:34 AM, Michael Miller <[email protected]> wrote:

> I would think people get complacent and then prevention fails.
>
> -mmiller
>
> On Mon, Dec 14, 2009 at 1:42 PM, Jason Wood <[email protected]> wrote:
> > It reminded me of Richard Bejtlich's statement that "prevention
> > eventually fails". So do I go with Richard's outlook or Gregory's?
> > Add in my own experience in the land of reality and I'll stick with
> > Richard's. ;-)
> >
> > On Mon, Dec 14, 2009 at 1:37 PM, Michael Douglas <[email protected]>
> > wrote:
> >>
> >> That comment "you can't ever fail" is part of the reason this guy is
> >> such a jackhole. He's perpetuating very scary and damaging myths
> >> about infosec.
> >>
> >> -= Hey John Strand, your doctor told me to keep your blood from
> >> boiling over so you might want to skip until you hit the next comment
> >> marked like this =-
> >> <The text below is encrypted with non-john-strand crypto. As long as
> >> you're not John Strand this text appears like plain text... but it's
> >> not. We here at PaulDotCom have special tech that allows for strange
> >> things... in this case, John Strand will see nothing but gibberish, or
> >> perhaps an in-depth review of a death metal band. He's never really
> >> been clear about what he sees when presented with this sort of elite
> >> crypto.>
> >>
> >> Everyone makes mistakes. Systems fail, everything rots. Entropy will
> >> triumph in the end. It all gets back to the concept of failing
> >> gracefully. John's been harping this point over and over lately, and
> >> it's apparent that "teh bestest haxor evarz" has somehow missed out on
> >> these talks. It must be all the 15 minute training sessions. Those
> >> add up on your time. (/me rolls his eyes)
> >>
> >> DO NOT TELL JOHN THAT THE BEST HACKER ISN'T AWARE OF THIS. He might
> >> flip out and maybe do something strange... no stranger than what he
> >> normally does. Truth is, I don't like thinking about it. The longer
> >> you stare at the Abyss the longer it stares back at you. ;-)
> >>
> >> But you don't have to miss out like #1 super hacker has so far!
> >> http://www.irongeek.com/i.php?page=videos/the-internet-is-evil-john-strand
> >>
> >> -= John, you can return to the reading ;-) =-
> >>
> >> Security Consultants are NOT responsible for the security of a
> >> company. We're not. EVER! That belongs to management. Security
> >> programs that fail are ones where they forget our responsibilities.
> >> Our duties are to measure, report, and mitigate risks as directed to
> >> from management. Anytime we set ourselves out to do differently we're
> >> drifting to Evans' style and that's something we certainly want to
> >> discourage. Unless you want lumps of coal from Santa for some
> >> reason...
> >>
> >> - Mick
> >>
> >> On Mon, Dec 14, 2009 at 1:27 PM, Jason Wood <[email protected]> wrote:
> >> > I got a chuckle out of this line from the article.
> >> >
> >> > "Drawbacks: Talk about stress. If a system is infiltrated by a
> >> > virus or hacker, it could mean lights out for the security
> >> > consultant's career. "This is a job you can't afford to ever fail
> >> > in," says Evans."
> >> >
> >> > What was funny to me was I remember a thread a while back where a
> >> > lot of us talked about getting into infosec **because** we got
> >> > hacked. I suppose I was just doing sysadmin work at the time, so
> >> > you could point to that as a reason why I've never had much career
> >> > trouble. Still, I had to grin at it.
> >> >
> >> > Jason
> >> >
> >> > On Mon, Dec 14, 2009 at 9:06 AM, Soft Reset <[email protected]>
> >> > wrote:
> >> >>
> >> >> Hmmm...I'm going out on a limb here, but I'm not seeing why he
> >> >> *is* a fraud? I understand how this profile can portray us in a
> >> >> negative light as people who see *us* may think we were once on
> >> >> the black-hat side of things, but do you all think it's impossible
> >> >> for someone to switch to the white-side?
> >> >>
> >> >> Although to be honest, no, I wouldn't trust him. Convicted in
> >> >> 2002, served 16 months means he was *probably* still in jail or
> >> >> just out when he started his company in 2003. And "...that year,
> >> >> computer security stores contracted to sell his cyber security
> >> >> software." So, in less than a year of getting out of prison, he
> >> >> has a company and "computer security stores" sold his software?
> >> >> WTF???
> >> >>
> >> >> Ok, maybe I understand now...maybe it was just too early in the
> >> >> day.
> >> >>
> >> >> On Mon, Dec 14, 2009 at 4:21 AM, John Strand <[email protected]>
> >> >> wrote:
> >> >>>
> >> >>> Check it out:
> >> >>>
> >> >>> http://money.cnn.com/magazines/moneymag/bestjobs/2009/snapshots/8.html
> >> >>>
> >> >>> On the plus side. I think it is nice that we have some job
> >> >>> security...
> >> >>>
> >> >>> On the downside.... Why did they have to go and find "The World's
> >> >>> #1 Hacker?"
> >> >>>
> >> >>> Now anyone that wants to get into this field thinks that all they
> >> >>> need is a CISSP and to be an asshat.
> >> >>>
> >> >>> Wait..... That might be accurate.
> >> >>>
> >> >>> John Strand
> >> >>> CISSP, GCIH, GCFW, ' or 1=1; --, Asshat
> >> >>> _______________________________________________
> >> >>> Pauldotcom mailing list
> >> >>> [email protected]
> >> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >> >>> Main Web Site: http://pauldotcom.com
> >> >
> >> > --
> >> >
> >> > irc: Tadaka
> >> > Twitter: Jason_Wood
> >> > jwnetworkconsulting.com
> >
> > --
> >
> > irc: Tadaka
> > Twitter: Jason_Wood
> > jwnetworkconsulting.com

--
irc: Tadaka
Twitter: Jason_Wood
jwnetworkconsulting.com
