[Dailydave] Semi-anonymized moderation.
Olef Anderson
olef.anderson at gmail.com
Mon Jan 28 19:31:52 EST 2008
Again, small improvements are better than none.
>
This argument is NOT correct when the so called "improvements" steals time
and money from an Enterprise. Going through IDS logs, configuring NIDS etc.
are time and money consuming tasks that deliver little in return. There are
actually far more rewarding things your IT security personal could do rather
than shifting through immense amount of pointless IDS logs. How about
auditing your webapps and third party applications ? Checking and deploying
critical security fixes for the high risk environments etc etc
This has been stated several times before but it won't hurt to say it again.
Defending protocol parsers by writing more protocol parsers on top was the
dumbest infosec idea ever concieved. And it amazes me that people making a
living out of this, still trying to defend it with pointless than ever
arguments. You lost the game, its time to change the game plan or to shut
up. Let your sales drone do the evangelism. We are in 2008 and the art of
hacking, REing, exploitation has evolved far beyond than your capabilities.
Evolve or *die, simple as that ...
-olef
* I have always understood and agreed to the concept of companies making
business on selling crap and people making a living on doing shit. I see
that it is a necessary concept to keep the market economy going but I
wouldn't take it as far as to defend it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080128/844ae5bc/attachment.htm
More information about the Dailydave
mailing list