[Message Precedent sur la mailing
][Message Suivant sur la mailing
][Precedent dans le fil
][Prochain dans le fil
][Index par Date
][Index par fil
Re: [Full-disclosure] What the f*** is going on?
Michal hit the nail on it's head. The news isn't want some script kiddie ring did to some supposedly info sec website as much as what the whole industria is leading to.
So the public thinks the bad guys go around in suits and neckties with the intent of "breaking the net" when the truth is there's a huge broken mess out there.
Even worse, those paid to fix it do not give a hoot and often times make it worse (re: HBGary).
The media of course follows the more sensational news, some supposedly vigilantes (correction: vandals) attacking some sites.
Well, we've been saying the net's broken for how long, 10, 30 years? News is kinda getting old. And where are we now?
On Tue, Feb 22, 2011 at 11:42 PM, Michal Zalewski <lcamtuf@xxxxxxxxxxx>
> Also, I would say that even though randomly prodding exec argumentsI think that sentiment made sense 8-10 years ago, but today, it's
> with As isn't so elite, the space of "the non-web" is much more deep
> and much more complex than the space of "the web"..
increasingly difficult to defend. I mean, we are at a point where
casual users can do without any "real" applications, beyond just
having a browser. And in terms of complexity, the browser itself is
approaching the kernel, and is growing more rapidly.
Yes, web app vulnerabilities are easier to discover. That's partly
because of horrible design decisions back in the 1990s, and partly
because we're dealing with greater diversity, more complex
interactions, and a much younger codebase. Plus, we had much less time
to develop systemic defenses.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - link://[click]
Archives de la liste de diffusion Secunia
Archives de la liste de diffusion Full Disclosure
|Mini-Tagwall des articles publiés sur SecuObs : || |
| || |
| | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre
|Mini-Tagwall de l'annuaire video : || |
| || |
| | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio
|Mini-Tagwall des articles de la revue de presse : || |
| || |
| |security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité
|Mini-Tagwall des Tweets de la revue Twitter : || |
| || |