Re: [Full-disclosure] Making Security Suck Less
So the world needs more people to just accept the problems? I disagree. We're trying to fix a broken model by presenting new steps, new methods, and new directions. By helping seek improvements is how I sleep soundly at night. To each his own, I suppose.

Your doubts are welcomed. Please submit your corrections and ideas for improvement.

Sincerely,
-pete.

--
Pete Herzog - Managing Director - p...@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org

On 12/23/2010 9:26 AM, wac wrote:
> Aha, welcome to the world. It is broken and will likely stay that way
> for long. So do what I do... Adapt, take a seat, wear a green hat if
> you can and forget about the rest. They will not understand, nor do they
> want to. Besides we would see a load of net admins losing their jobs
> / companies filing bankruptcy if the model changes so...
>
> You know what.. Bertrand Russell said once:
>
> "Men who are unhappy, like men who sleep badly, are always proud of the fact."
>
> Sort of like the old way of saying "don't worry be happy!" :D
>
> And I have serious doubts about that OSSTMM btw.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Making Security Suck Less
Aha, welcome to the world. It is broken and will likely stay that way for long. So do what I do... Adapt, take a seat, wear a green hat if you can and forget about the rest. They will not understand, nor do they want to. Besides we would see a load of net admins losing their jobs / companies filing bankruptcy if the model changes so...

You know what.. Bertrand Russell said once:

"Men who are unhappy, like men who sleep badly, are always proud of the fact."

Sort of like the old way of saying "don't worry be happy!" :D

And I have serious doubts about that OSSTMM btw.

On 12/16/10, Pete Herzog wrote:
> Hi,
>
> "Now not everything about the old security model is bad. Personally, I
> really like the Zen feel of it. It's like raking the fine, white,
> beach sand into those concentric lines and around rocks and dead fish
> and stuff. It's very Zen. Then as the tide rises, the wind blows, and
> Frisbees get badly thrown you have to do it all over again in a very
> Zen way like this: Install. Harden. Configure. Patch. Scan. Patch
> again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install.
> Configure. And then you do it all over again! With so much Zen
> practice it's hard not to become a Master of the security repeat
> cycle. But you know what else is Zen? NOT doing that. It's less
> stressful to maintain an existing balance between operations,
> limitations, and controls than running around and putting out fires."
>
> This is from my new article called, "Making Security Suck Less" you
> can read finished at:
>
> https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html
>
> There are some more new articles reviewing the OSSTMM and the new
> security model at InfoSec Island here:
>
> https://www.infosecisland.com/osstmm.html
>
> Sincerely,
> -pete.
>
> --
> Pete Herzog - Managing Director - p...@isecom.org
> ISECOM - Institute for Security and Open Methodologies
> www.isecom.org - www.osstmm.org
> www.hackerhighschool.org - www.badpeopleproject.org
Re: [Full-disclosure] Making Security Suck Less
--On December 16, 2010 12:06:03 PM +0100 Christian Sciberras wrote:
>
> I'm sorry, but your rant is unrealistic. The next best approach to
> patch-test-release would be not releasing anything at all.
>

Which, come to think of it, is a release cycle that certain software vendors should consider.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
***
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell
Re: [Full-disclosure] Making Security Suck Less
I might be led by the leash on your little rant here, but let me say one thing...

Half of the enthusiasm I had for your post evaporated after:

"How many of you have ever had a virus, scareware, cracks, hacks, or spontaneous reboots even though you've got your wares updated and patches installed? Many of you are keeping your hands up."

Enthusiasm simply got replaced with some doubts after reading...

"Why did so many buy into the crap about "There's no such thing as perfect security." and "Security is a process."? Why?"

An unused hard disk under several meters of concrete is perfectly vulnerable to all kinds of attacks. Let alone servers which are supposed to be running 24/7.

I'm sorry, but your rant is unrealistic. The next best approach to patch-test-release would be not releasing anything at all.

Just my 2 cents' worth.

Chris.

On Thu, Dec 16, 2010 at 8:46 AM, Pete Herzog wrote:
> Hi,
>
> "Now not everything about the old security model is bad. Personally, I
> really like the Zen feel of it. It's like raking the fine, white,
> beach sand into those concentric lines and around rocks and dead fish
> and stuff. It's very Zen. Then as the tide rises, the wind blows, and
> Frisbees get badly thrown you have to do it all over again in a very
> Zen way like this: Install. Harden. Configure. Patch. Scan. Patch
> again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install.
> Configure. And then you do it all over again! With so much Zen
> practice it's hard not to become a Master of the security repeat
> cycle. But you know what else is Zen? NOT doing that. It's less
> stressful to maintain an existing balance between operations,
> limitations, and controls than running around and putting out fires."
>
> This is from my new article called, "Making Security Suck Less" you
> can read finished at:
>
> https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html
>
> There are some more new articles reviewing the OSSTMM and the new
> security model at InfoSec Island here:
>
> https://www.infosecisland.com/osstmm.html
>
> Sincerely,
> -pete.
>
> --
> Pete Herzog - Managing Director - p...@isecom.org
> ISECOM - Institute for Security and Open Methodologies
> www.isecom.org - www.osstmm.org
> www.hackerhighschool.org - www.badpeopleproject.org
[Full-disclosure] Making Security Suck Less
Hi,

"Now not everything about the old security model is bad. Personally, I really like the Zen feel of it. It's like raking the fine, white, beach sand into those concentric lines and around rocks and dead fish and stuff. It's very Zen. Then as the tide rises, the wind blows, and Frisbees get badly thrown you have to do it all over again in a very Zen way like this: Install. Harden. Configure. Patch. Scan. Patch again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install. Configure. And then you do it all over again! With so much Zen practice it's hard not to become a Master of the security repeat cycle. But you know what else is Zen? NOT doing that. It's less stressful to maintain an existing balance between operations, limitations, and controls than running around and putting out fires."

This is from my new article called, "Making Security Suck Less" you can read finished at:

https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html

There are some more new articles reviewing the OSSTMM and the new security model at InfoSec Island here:

https://www.infosecisland.com/osstmm.html

Sincerely,
-pete.

--
Pete Herzog - Managing Director - p...@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org