- BSOFH Catering to a niche market. SecuObs - L'observatoire de la sécurite internet - Site d'informations professionnelles francophone sur la sécurité informatique

Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

S'abonner au fil RSS global de la revue de presse

BSOFH Catering to a niche market.

Par Layer 8
Le [2009-11-22] à 16:45:57

Présentation : Oh, there you are, Terry, I said to the Intern as he peered cautiously around the doorjamb. Come on in. You re finally going to learn the secrets of my operation. What IS all this And why is it even darker than in the sysadmins cubes he wanted to know. This, my boy, is my money-making operation. You don t really think I can afford all my toys on an ISO salary alone, do you Not to mention the ongoing bribes. He gazed at all the women sitting around with headsets, staring at flatscreens. You re running a HELP DESK Not quite. Meet the one, the ONLY, security phone chat line. And by chat I mean a very special kind of chat. We give the security geeks the one thing they can t get anywhere else. He shivered. You mean ... Yes. We talk SECURITY to them. Raw, unadulterated, uninhibited security. We use the words they want to hear. And believe me, they pay a LOT for it. I took him by the first pod, where a comely young thing was saying, Oh yeah, I m compliant, baby. Want to see my controls Auditors, I said, shaking my head and moving him along to the next pod down. They re the kinkiest of the lot. Here, this girl is popular these days. She had a cloud taxonomy diagram on her screen. No, no, the cloud can be anything you want it to be. What do you WANT it to be ... oh yes, we can be private ... very ... private ... What s that asked the Intern, pointing to a symbol pinned up on her cubicle wall. It had a silhoutette of a squirrel with a circle and line over it. Never mind. We used to have this one really insistent caller. He was free with the bucks, but the girls were getting a little creeped out. From the other end of the room, a voice moaned loudly, YES YES The saturation of vulnerable technology measures the aggregate attack surface available to the exploit code The Intern blanched and covered his ears. Boss said one worker, tugging on my sleeve. We got a Code Twenex. Okay, don t panic. Where s Mike He s on break. Tell Pete to stop tweeting and take the call. He ll do well enough. I turned back to the puzzled Intern. We got a woman on the line. It s rare, but it happens. I charge em double, though. Our boys tend to be exhausted after just one 15-minute session. I just can t believe you re making money with this, the Intern said. Isn t this ... well ... illicit I mean, it s got to be wrong somehow. Why I replied. It isn t cheating unless you actually USE the exploit. No, I mean, don t they have families Look, we provide a valuable service here. Not everyone can go to a conference as often as they need to. This way they can let off steam, get it out of their system, and go home and pay real attention to their loved ones. Our clients report that they re much less likely to sneak a look at their BlackBerry, read Liquidmatrix, or talk about responsible disclosure in their sleep. Their home life is BETTER, not worse. One woman even called to thank us, to say she finally could stop role-playing DNS zone transfers. Okay, THAT was TMI. The Intern looked faintly disgusted. Can I go back to GRC console hacking now This is all making me feel a bit dirty. Yeah, go ahead, kid, I laughed. You re not old enough to appreciate the hard-core stuff yet. Just keep this on the down-low, okay Sure, he said hurriedly as he fumbled for the door. I popped another diet Mountain Dew and relaxed on the velvet-covered couch. The NIST folks would be getting out of session soon and then we were going to be REALLY busy. Thanks to Simon Travaglia, as always.

Lire l'article complet sur le site d'origine

S'abonner au fil RSS Secuobs pour le site "Layer 8"
Voir tous les articles du site "Layer 8"

Les derniers articles du site "Layer 8" :

- Managing to the biggest risk.
- Biscuits and gravy
- Shopping for security.
- EOY roundup.
- Don t ask me, ask that guy over there.
- BSOFH the roar of the packets, the smell of the cloud.
- BSOFH Catering to a niche market.
- The meaning of metrics.
- Whither the CISO
- BSOFH All s fair in security and war.

Voir tous les articles du site "Layer 8"

S'abonner au fil RSS global de la revue de presse

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.191.75.173 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.191.75.173 to any 80"
- Nous contacter par mail

Les derniers commentaires publiés sur SecuObs (6-25):

- Airdrop-ng Release - GuruPlug, the next generation of SheevaPlug - Anomos 0.9 Released Public Tracker Up and Running - ESRT @IBMFedCyber - DECT crypto cracked academically - Responder Professional 2.0, a Windows physical memory and automated malware a - ESRT @Marsmensch @hdmoore - Metasploit supports owning insecure IIS WebDAV - Added a small hack to ronin-ext, Ronin::Autoload: autoloads missing constants - ESRT @proactivedefend - Iptables Limits Connections Per IP - ESRT @EdiStrosar @spendergrsec - Linux 2618+ infoleak exploit added to Enligh - ESRT @SecMailLists - Full Disclosure: XSS vulnerability in NEW orkut - ESRT @helpnetsecurity @lbhuston - Zero-day vulnerabilities on the market - ESRT @agar38 @achillean @theprez98 - SHODAN for Penetration Testers slides fr - Video : ESRT @secdocs - Using OpenBSC for fuzzing of GSM handsets - ESRT @helpnetsecurity - Configure Netfilter Shorewall 4.4.7 RC2 released - PS3 hypervisor exploit reproduced - Mozilla Removes Two Malicious Firefox Add-Ons - Wrapping insecure web apps with Apache - Oracle Patches Critical WebLogic Flaw - Directory traversal as a reconnaissance tool - Video : Scanning with the NetChk Configure NIST Policy Les cinq derniers commentaires publiés sur SecuObs Tous les commentaires publiés sur SecuObs avant les 25 derniers

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, microsoft, réseau, attaque, vulnérabilité, outil, système, audit, virus, internet, données, présentation, linux, metasploit, protocol, bluetooth, vista, shell, scanner, réseaux, rootkit, paquet, trames, source, conférence, téléphone, wishmaster, noyau, engineering, mobile, sysun, https, téléphones, mémoire, patch, intel, botnet, libre, rapport, scapy, reverse, contourner, securitech + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA38414 Fedora update for gmime22 - SA38429 Debian update for squid and squid3 - SA38461 Ubuntu update for kernel - SA38476 F5 Products TCP Implementation Denial of Service - SA38377 Fedora update for dokuwiki + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Claude Mercier/CLSC-CHSLD BVLV/Reg03/SSSS est absent(e). - Re: Full-disclosure about jit and dep+aslr - Re: Full-disclosure about jit and dep+aslr - Re: Full-disclosure about jit and dep+aslr - Re: Full-disclosure about jit and dep+aslr + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability - DSECRG-09-065 TVUPlayer PlayerOcx.ocx ActiveX - Insecure method - mongoose Space Character Remote File Disclosure Vulnerability - Suspected SpamVulnerability in Tagcloud for DataLife Engine - Re: Multiple vulnerabilities in XAMPP (advisory #7) - Re: Samba Remote Zero-Day Exploit + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

vmware, security, virus, biometric, windows, lockpicking, password, metasploit, botnet, tutorial, crypt, attack, linux, network, iphone, server, exploit, wimax, conficker, virtu, virtual, engineering, cisco, reverse, ettercap, wireshark, hacker, firewall, knoppix, arduino, internet, rootkit, wireless, source, brucon, backtrack, openbsd, systm, overflow, openssh, conference, buffer, access, remote, defcon + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter