Re: [funsec] Tweet This: I Don't Care

2009-03-24 Thread Gadi Evron
Nick FitzGerald wrote: > ...I realized another thing I really dislike about Twitter _and_ that I > suspect is a major part of its attraction for a certain (rather large) > portion of its users, and it really is about "shouting into the > darkness". I believe that a lot of Twitter's (sub-cons

Re: [funsec] Tweet This: I Don't Care

2009-03-24 Thread Nick FitzGerald
About a week ago Gadi to me to Gadi: > >> You haven't been on twitter, have you? > > > > I've never seen anything useful/interesting that I didn't get through > > other media. > > > > I _have to_ read those other sources, so why waste the extra time getting > > nothing additional at a very low sig

[funsec] 'The Analyzer' Hack Probe Widens - $10 Million Allegedly Stolen From U.S. Banks

2009-03-24 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Via Threat Level. [snip] Ehud Tenenbaum, an Israeli hacker arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks, also allegedly hacked two U.S. banks, a credit and debit card distribution company and a payment pr

Re: [funsec] Privacy group targets Google Street View UK

2009-03-24 Thread Alex Eckelberry
How ironic, for the most videoed population in the world. -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Juha-Matti Laurio Sent: Tuesday, March 24, 2009 4:28 PM To: funsec@linuxbox.org Subject: [funsec] Privacy group targets Google S

Re: [funsec] The PCI sky *isn't* falling!

2009-03-24 Thread Anton Chuvakin
> : Sorry, but this is kinda of what I was talking about :-)  What I am > : hearing in the above is that PCI was somehow supposed to guarantee their > : un-hackability. Is that what you are implying? What about a simpler > : explanation: they were breached DESPITE PCI DSS? > > You say "PCI DSS did

Re: [funsec] Tweet This: I Don't Care

2009-03-24 Thread Remo Cornali
http://wpcomics.washingtonpost.com/client/wpc/nq/2009/03/24/ Ciao! Remo ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.

[funsec] Privacy group targets Google Street View UK

2009-03-24 Thread Juha-Matti Laurio
"Watchdog group Privacy International has filed a formal complaint with the U.K. government over the recent introduction of Google's Street View in Britain. Simon Davies, director of Privacy International, argues that Street View has caused "clear embarrassment and damage" to many residents of t

[funsec] China blocks YouTube - again

2009-03-24 Thread Juha-Matti Laurio
http://www.reuters.com/article/internetNews/idUSTRE52N1VN20090324 Juha-Matti

Re: [funsec] funsec members twitter accounts

2009-03-24 Thread Tyler Reguly
http://twitter.com/treguly On Tue, Mar 24, 2009 at 10:36 AM, Amrit Williams wrote: > http://twitter.com/amrittsering > > > On Tue, Mar 24, 2009 at 6:15 AM, wrote: >> >> http://twitter.com/crissup >> >> -- >> John >> >> >> >> ===

Re: [funsec] security theater is useful, stop abusing it [was: PCI]

2009-03-24 Thread nick hatch
On Tue, Mar 24, 2009 at 6:46 AM, Gadi Evron wrote: > Security theater does in fact have uses. Secrecy can be a strong line of > defense and psychological barriers are in fact barriers, as we are > dealing with human beings. So, security by obscurity is an extremely > useful tool, the problem is w

Re: [funsec] security theater is useful, stop abusing it [was: PCI]

2009-03-24 Thread Imri Goldberg
On Tue, Mar 24, 2009 at 5:23 PM, Benjamin April wrote: > A layer of security is nothing more than a > time-delay device. Some layers provide more delay > than others. Very often the so called "security > theatre" provides a delay equal to the time spent > studying it for weaknesses. > > Security t

Re: [funsec] security theater is useful, stop abusing it [was: PCI]

2009-03-24 Thread Benjamin April
A layer of security is nothing more than a time-delay device. Some layers provide more delay than others. Very often the so called "security theatre" provides a delay equal to the time spent studying it for weaknesses. Security theatre and security by obscurity suffer from the same weakness in tha

Re: [funsec] Suggesting a new defcon event: Hackers ParliamentaryDebate or HPD

2009-03-24 Thread Blanchard_Michael
I like it! Especially with the Alcohol involved :-) But everyone already knows that Coke is much better than Pepsi, so that one's a moot point ;-) Mike B -Original Message- From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Gadi Evron Sent: Sunday, Ma

Re: [funsec] funsec members twitter accounts

2009-03-24 Thread Amrit Williams
http://twitter.com/amrittsering On Tue, Mar 24, 2009 at 6:15 AM, wrote: > http://twitter.com/crissup > > -- > John > > > > > This email is confidential and intended solely for the use of the > individual or organization to

Re: [funsec] funsec members twitter accounts

2009-03-24 Thread Imri Goldberg
http://twitter.com/lorgandon -- Imri Goldberg -- www.algorithm.co.il/blogs/ -- -- insert signature here

[funsec] security theater is useful, stop abusing it [was: PCI]

2009-03-24 Thread Gadi Evron
Jon Kibler wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Anton Chuvakin wrote: >>> same answer: "I don't participate in security theater." I think this >> First, I am amazed how people so intelligent can hold opinions so >> shortsighted :-) > > I unquestionably stand by my assertio

[funsec] why is certification useful anyway? [was: PCI]

2009-03-24 Thread Gadi Evron
nick hatch wrote: > Until the details are known in full, it seems a bit premature to debate > the effectiveness of PCI and use Heartland as evidence one way or > another. Even if the transactions were encrypted on the wire, a lack of > internal controls could still allow a theoretical insider to

Re: [funsec] funsec members twitter accounts

2009-03-24 Thread John.Crissup
http://twitter.com/crissup -- John

Re: [funsec] The PCI sky *isn't* falling!

2009-03-24 Thread Gadi Evron
Drsolly wrote: > > And the "Perfect Antivirus", when used correctly, will detect all viruses > past present and future, and give no false alarms. Plus it's free. I know what an anti virus is. It's a mostly reactive software that sells based on marketing and support. > I know the PCI DSS very w

Re: [funsec] The PCI sky *isn't* falling!

2009-03-24 Thread Justin Scott
> Safer as in having a lot of eggs in one attractive basket > is safer than lots of less-safe but not-worth-hacking > baskets? Safer as in "big companies don't get hacked"? The problem is that the smaller sites are worth hacking these days. The larger companies are doing a better job, and the hac

Re: [funsec] Mr. Wiggles on 'Twitter'

2009-03-24 Thread Gadi Evron
security curmudgeon wrote: > > http://mrwiggleslovesyou.com/rehab506.html > > Awesome. heheheheh Anyway, if you guys keep insisting on sending in URLs against twitter, here's a response. Our side acknowledges things are not perfect, and may become better, but they are pretty sweet. http://ww

Re: [funsec] The PCI sky *isn't* falling!

2009-03-24 Thread Jon Kibler
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaegler, Mike wrote: > > Alone, PCI can't do a lot; one needs a competent and interested security > professional. Likewise, said professional can't do a lot without a business > mandate (which PCI provides). > > PCI is not a magic bullet, but it isn'

Re: [funsec] The PCI sky *isn't* falling!

2009-03-24 Thread Jon Kibler
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anton Chuvakin wrote: >> same answer: "I don't participate in security theater." I think this > > First, I am amazed how people so intelligent can hold opinions so > shortsighted :-) I unquestionably stand by my assertion that PCI DSS is pure securit

[funsec] Mr. Wiggles on 'Twitter'

2009-03-24 Thread security curmudgeon
http://mrwiggleslovesyou.com/rehab506.html Awesome.

Re: [funsec] The PCI sky *isn't* falling!

2009-03-24 Thread David Harley
> To a point, it seems all certification processes can be > defeated by creative responses or other activity one could > loosely call "cheating". I don't think it's a matter of "cheating" PCI and various things that start with ISO: most of them have an element of "tell us what you do and we'll

Re: [funsec] The PCI sky *isn't* falling!

2009-03-24 Thread Drsolly
On Tue, 24 Mar 2009, security curmudgeon wrote: > > > On Mon, 23 Mar 2009, Anton Chuvakin wrote: > > : > : I'd say that PCI DSS did more to information security than *anything > : > : else* since Windows added automated updates. > : > : > Care to back that up in any way? I think the customers

Re: [funsec] The PCI sky *isn't* falling!

2009-03-24 Thread Drsolly
On Mon, 23 Mar 2009, Justin D. Scott wrote: > > I think such motion from total ignorance to doing > > "a piss-poor job" of security represents a huge > > progress for such, mostly small, organizations. > > There also many small companies that took one look at PCI and just gave up > entirely and o

Re: [funsec] The PCI sky *isn't* falling!

2009-03-24 Thread Kaegler, Mike
On 3/23/09 3:15 PM, "Jon Kibler" wrote: > I am frequently asked why I refuse to do PCI audits. I always have the > same answer: "I don't participate in security theater." To a point, it seems all certification processes can be defeated by creative responses or other activity one could loosely cal