[Pauldotcom] Not this crap again..
tadaka at gmail.com
Mon Dec 14 21:42:59 UTC 2009
It reminded me of Richard Bejtlich's statement that "prevention eventually
fails". So do I go with Richard's outlook or Gregory's? Add in my own
experience in the land of reality and I'll stick with Richard's. ;-)
On Mon, Dec 14, 2009 at 1:37 PM, Michael Douglas <mick at pauldotcom.com> wrote:
> That comment "you can't ever fail" is part of the reason this guy is
> such a jackhole. He's perpetuating very scary and damaging myths
> about infosec.
> -= Hey John Strand, your doctor told me to keep your blood from
> boiling over so you might want to skip until you hit the next comment
> marked like this =-
> <The text below is encrypted with non-john-strand crypto. As long as
> you're not John Strand this text appears like plain text... but it's
> not. We here at PaulDotCom have special tech that allows for strange
> things... in this case, John Strand will see nothing but gibberish, or
> perhaps an in-depth review of a death metal band. He's never really
> been clear about what he sees when presented with this sort of elite
> Everyone makes mistakes. Systems fail, everything rots. Entropy will
> triumph in the end. It all gets back to the concept of failing
> gracefully. John's been harping this point over and over lately, and
> it's apparent that "teh bestest haxor evarz" has somehow missed out on
> these talks. It must be all the 15 minute training sessions. Those
> add up on your time. (/me rolls his eyes)
> DO NOT TELL JOHN THAT THE BEST HACKER ISN'T AWARE OF THIS. He might
> flip out and maybe do something strange... no stranger than what he
> normally does. Truth is, I don't like thinking about it. The longer
> you stare at the Abyss the longer it stares back at you. ;-)
> But you don't have to miss out like #1 super hacker has so far!
> -= John, you can return to the reading ;-) =-
> Security Consultants are NOT responsible for the security of a
> company. We're not. EVER! That belongs to management. Security
> programs that fail are ones where they forget our responsibilities.
> Our duties are to measure, report, and mitigate risks as directed to
> from management. Anytime we set ourselves out to do differently we're
> drifting to Evans' style and that's something we certainly want to
> discourage. Unless you want lumps of coal from Santa for some
> - Mick
> On Mon, Dec 14, 2009 at 1:27 PM, Jason Wood <tadaka at gmail.com> wrote:
> > I got a chuckle out of this line from the article.
> > "Drawbacks: Talk about stress. If a system is infiltrated by a virus or
> > hacker, it could mean lights out for the security consultant's career.
> > is a job you can't afford to ever fail in," says Evans."
> > What was funny to me was I remember a thread a while back where a lot of
> > talked about getting into infosec **because** we got hacked. I suppose I
> > was just doing sysadmin work at the time, so you could point to that as a
> > reason why I've never had much career trouble. Still, I had to grin at
> > Jason
> > On Mon, Dec 14, 2009 at 9:06 AM, Soft Reset <softreset64738 at gmail.com>
> > wrote:
> >> Hmmm...I'm going out on a limb here, but I'm not seeing why he *is* a
> >> fraud? I understand how this profile can portray us in a negative light
> >> people who see *us* may think we were once on the black-hat side of
> >> but do you all think it's impossible for someone to switch to the
> >> Although to be honest, no, I wouldn't trust him. Convicted in 2002,
> >> served 16 months means he was *probably* still in jail or just out when
> >> started his company in 2003. And "...that year, computer security
> >> contracted to sell his cyber security software." So, in less than a year of
> >> getting out of prison, he has a company and "computer security stores"
> >> his software? WTF???
> >> Ok, maybe I understand now...maybe it was just too early in the day.
> >> On Mon, Dec 14, 2009 at 4:21 AM, John Strand <strandjs at gmail.com>
> >>> Check it out:
> >>> http://money.cnn.com/magazines/moneymag/bestjobs/2009/snapshots/8.html
> >>> On the plus side. I think it is nice that we have some job security...
> >>> On the downside.... Why did they have to go and find "The World's #1
> >>> Hacker?"
> >>> Now anyone that wants to get into this field thinks that all they need
> >>> is a CISSP and to be an asshat.
> >>> Wait..... That might be accurate.
> >>> John Strand
> >>> CISSP, GCIH, GCFW, ' or 1=1; --, Asshat
> >>> _______________________________________________
> >>> Pauldotcom mailing list
> >>> Pauldotcom at mail.pauldotcom.com
> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >>> Main Web Site: http://pauldotcom.com
> > --
> > irc: Tadaka
> > Twitter: Jason_Wood
> > jwnetworkconsulting.com