Comments on: But That’s Impossible! http://www.veracode.com/blog/2009/05/but-thats-impossible/ Application security testing, analysis, and metrics Thu, 09 Feb 2012 11:59:00 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: no way http://www.veracode.com/blog/2009/05/but-thats-impossible/comment-page-1/#comment-10356 no way Thu, 17 Nov 2011 18:17:13 +0000 http://www.veracode.com/blog/?p=774#comment-10356 as a developer on more of the security side than most.. about 30% of what veracode is saying is rather retarded. as a developer on more of the security side than most..

about 30% of what veracode is saying is rather retarded.

]]> By: ZeroDay Labs blog » Stay Cool, Nobody is Calling Your Baby Ugly http://www.veracode.com/blog/2009/05/but-thats-impossible/comment-page-1/#comment-10014 ZeroDay Labs blog » Stay Cool, Nobody is Calling Your Baby Ugly Fri, 21 Oct 2011 17:48:25 +0000 http://www.veracode.com/blog/?p=774#comment-10014 [...] questions wanting to understand the situation better, the other folds his arms and fires back with responses like this. What’s the difference? One is acting defensively while the other is [...] [...] questions wanting to understand the situation better, the other folds his arms and fires back with responses like this. What’s the difference? One is acting defensively while the other is [...]

]]> By: PB http://www.veracode.com/blog/2009/05/but-thats-impossible/comment-page-1/#comment-2816 PB Wed, 27 May 2009 10:00:52 +0000 http://www.veracode.com/blog/?p=774#comment-2816 Oh hahhaa I forgot "We're running that service on a higher port number." Security obfuscation for the win! Oh hahhaa I forgot “We’re running that service on a higher port number.” Security obfuscation for the win!

]]> By: Motoma http://www.veracode.com/blog/2009/05/but-thats-impossible/comment-page-1/#comment-2814 Motoma Tue, 26 May 2009 20:00:48 +0000 http://www.veracode.com/blog/?p=774#comment-2814 "If the client's are dumb enough to do ___ then they deserve what they get." “If the client’s are dumb enough to do ___ then they deserve what they get.”

]]> By: veye0l8tr http://www.veracode.com/blog/2009/05/but-thats-impossible/comment-page-1/#comment-2811 veye0l8tr Sat, 23 May 2009 06:22:51 +0000 http://www.veracode.com/blog/?p=774#comment-2811 How about "That's a problem with the vendor software not our security", to which my response was "If it's a problem with the vendor software you are using then it's a problem with your security" or another one I hear often "how many people actually know how to do that?" to which my response is "Anyone that has an interest in breaching your security, with internet access and the ability to read." The script kiddie arguement mentioned above is another common thread, I usually end up explaining that Uber-hackers document methods and script kiddies can follow instructions. How about “That’s a problem with the vendor software not our security”, to which my response was “If it’s a problem with the vendor software you are using then it’s a problem with your security”

or another one I hear often “how many people actually know how to do that?” to which my response is “Anyone that has an interest in breaching your security, with internet access and the ability to read.”

The script kiddie arguement mentioned above is another common thread, I usually end up explaining that Uber-hackers document methods and script kiddies can follow instructions.

]]> By: Erich http://www.veracode.com/blog/2009/05/but-thats-impossible/comment-page-1/#comment-2810 Erich Thu, 21 May 2009 21:53:17 +0000 http://www.veracode.com/blog/?p=774#comment-2810 "We're certainly not in focus. Who's gonna attack OUR minor website?" Later on wondering, why the website is spreading malicious code to any visitor so google marks it as dangerous. “We’re certainly not in focus. Who’s gonna attack OUR minor website?”

Later on wondering, why the website is spreading malicious code to any visitor so google marks it as dangerous.

]]> By: Timsta http://www.veracode.com/blog/2009/05/but-thats-impossible/comment-page-1/#comment-2808 Timsta Thu, 21 May 2009 09:41:17 +0000 http://www.veracode.com/blog/?p=774#comment-2808 "The application must be secure. All our competitors use it!" “The application must be secure. All our competitors use it!”

]]> By: MikeP http://www.veracode.com/blog/2009/05/but-thats-impossible/comment-page-1/#comment-2806 MikeP Wed, 20 May 2009 15:28:27 +0000 http://www.veracode.com/blog/?p=774#comment-2806 My own favourite: "Yeah, but who has the time to figure that out? We're just xxx." My own favourite: “Yeah, but who has the time to figure that out? We’re just xxx.”

]]> By: saari http://www.veracode.com/blog/2009/05/but-thats-impossible/comment-page-1/#comment-2804 saari Wed, 20 May 2009 05:48:56 +0000 http://www.veracode.com/blog/?p=774#comment-2804 This stuff doesn't bother me, it's the fundamentally broken by design issues and basic social engineering that bother me. See OAuth session fixation. This stuff doesn’t bother me, it’s the fundamentally broken by design issues and basic social engineering that bother me. See OAuth session fixation.

]]> By: links for 2009-05-19 (Jarrett House North) http://www.veracode.com/blog/2009/05/but-thats-impossible/comment-page-1/#comment-2802 links for 2009-05-19 (Jarrett House North) Wed, 20 May 2009 02:01:07 +0000 http://www.veracode.com/blog/?p=774#comment-2802 [...] But That’s Impossible! (Veracode Blog) Responses to security audits range from the funny to the sad. (tags: security) [...] [...] But That’s Impossible! (Veracode Blog) Responses to security audits range from the funny to the sad. (tags: security) [...]

]]>