Re: [SD:jason.full-disclosure] RE: NASA.GOV SQL Injections

[Jason Freidman <jason () compnski com>]

From my experience working at NASA (moffet field as an intern one
summer) was that their IT department (in my building) was good at what
they did but had a pretty restrictive security policy (which is a good
thing i guess).  So i would rate them as excellent although too
restrictive.

On Fri, 2003-10-17 at 14:03, Ron DuFresne wrote:
> On Fri, 17 Oct 2003, Jonathan A. Zdziarski wrote:
>
> > > No offense meant to the fine IT people at NASA, but do you seriously
> > > believe that the one-percenters are securing the network?  As opposed to
> > > say, figuring out how to land a rover on Mars, how to keep astronauts
> > > alive in space, how to overcome the long-term negative effects of zero
> > > gravity, etc., etc.???
> >
> > Maybe I'm not as familiar with NASA as others might be, but I would
> > think NASA would try and hire the most gifted IT people they could find
> > (e.g. the cream of the crop).  Since I've never run into one, I can't
> > prove this theory - I suppose it's possible they're all morons...but if
> > I had the resources NASA has, there wouldn't be any idiots working for
> > me.
> >
> > I wonder if their janitors require security clearance just to work
> > there...if that's the case their IT people are most likely l33t.
>
> Of course, one might think the same thing about the FED gov and the
> various states govs.  Untill one looks at pay rates, and how they compare
> to the private sector.  And that pays little or no mind to the POLITICS in
> such places.  One does not merely work in a gov related setting, one HAS
> to play a political tightrope walk, with less the proportional pay that
> private sector jobs provide.  Thus, whne the OSB and GAO audits and their
> released findings that make it into the headlines and before congress now
> and then come as no surprise.  I did an interesting article on the state
> of cyber security a year or so ago mentioning some of this  for TISC
> Insight Newsletter, and a copy can be found at
> http://sysinfo.com/sec-state.html.
>
> C ourse, if anyone would like to hear the real nightmares of gov related
> work and the political BS that prevents real work from getting
> accomplished, I'll be happy to talk offline/offrecord.
>
> Thanks,
>
> Ron DuFresne
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
>       ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D.  Just don't touch anything.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> ------------------------
> Sent to jason.full-disclosure
> Edit forwarding: http://spamdam.compsnki.com//editemail.php?fid=32
> Description: full disclosure maling list
-- 
Jason Freidman <jason () compnski com>

Attachment: signature.asc
Description: This is a digitally signed message part