Full Disclosure mailing list archives

Re: NASA.GOV SQL Injections

From: "Exibar" <exibar () thelair com>
Date: Fri, 17 Oct 2003 17:25:18 -0400

I had the pleasure of meeting one of NASA's IT guys this week actually.  He
could certainly be considered "the cream of the crop".  If all NASA IT guys
are like him, then NASA certainly has the "best of the best" employed there.
I would also say that yes, even the janitor requires a full background check
and security clearance, to some degree.  I'm sure that there are areas where
even the 1% have to clean up after themselves every day due to the
sensitivity of their work.

  Why would anyone think that NASA wouldn't hire the best of the best, even
for administrative work?  It's not like they're raking leaves for a living,
they send people to the Moon and beyond :-)

  Exibar

----- Original Message ----- 
From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
To: "Schmehl, Paul L" <pauls () utdallas edu>
Cc: "full-disclosure" <full-disclosure () lists netsys com>
Sent: Friday, October 17, 2003 12:28 PM
Subject: RE: [Full-disclosure] NASA.GOV SQL Injections

No offense meant to the fine IT people at NASA, but do you seriously
believe that the one-percenters are securing the network?  As opposed to
say, figuring out how to land a rover on Mars, how to keep astronauts
alive in space, how to overcome the long-term negative effects of zero
gravity, etc., etc.???


Maybe I'm not as familiar with NASA as others might be, but I would
think NASA would try and hire the most gifted IT people they could find
(e.g. the cream of the crop).  Since I've never run into one, I can't
prove this theory - I suppose it's possible they're all morons...but if
I had the resources NASA has, there wouldn't be any idiots working for
me.

I wonder if their janitors require security clearance just to work
there...if that's the case their IT people are most likely l33t.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: NASA.GOV SQL Injections, (continued)
- - RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
    - RE: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
    - RE: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 17)
    - RE: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
    - RE: NASA.GOV SQL Injections madsaxon (Oct 17)
    - Re: NASA.GOV SQL Injections Gregory A. Gilliss (Oct 17)
    - Re: NASA.GOV SQL Injections Ron DuFresne (Oct 17)
    - Re: [SD:jason.full-disclosure] RE: NASA.GOV SQL Injections Jason Freidman (Oct 17)
    - Re: NASA.GOV SQL Injections Valdis . Kletnieks (Oct 18)
    - Re: NASA.GOV SQL Injections Ron DuFresne (Oct 20)
    - Re: NASA.GOV SQL Injections Exibar (Oct 17)
    - RE: NASA.GOV SQL Injections Joe (Oct 18)
  - Re: NASA.GOV SQL Injections Valdis . Kletnieks (Oct 18)
    - Re: NASA.GOV SQL Injections Jonathan A. Zdziarski (Oct 18)
    - Re: NASA.GOV SQL Injections Paul Schmehl (Oct 18)
    - Re: NASA.GOV SQL Injections Valdis . Kletnieks (Oct 19)
    - Re: NASA.GOV SQL Injections Paul Schmehl (Oct 19)
    - Re: NASA.GOV SQL Injections Valdis . Kletnieks (Oct 19)
    - Re: NASA.GOV SQL Injections Florian Streck (Oct 19)