Wednesday, August 28, 2013


Look, I know that you call yourself a "penetration tester" and a "white hat hacker", but I've been doing this longer than you have. Trying to convince me that your newly discovered denial of service attack is a "high risk" vulnerability is not convincing. You can't get anyone's data and you can't pen someone's boxen with your uber 'sploit.

Sorry, not impressed. It's the Internet: there's nothing but DoS out there.

Your CVSS scores are boring, and it's entirely clear that you have no idea how arbitrary that "metrics based" scoring system actually is.

And your Mom dresses you funny. Get offa my lawn, kid.

This ends today's security rant.

- Posted using BlogPress from my iPhone


lee n. field said...

There has to be a story behind this.

ASM826 said...

27,000 students back on campus with computers and cell phones. That's a self-inflicted D.O.S. for everyone, usually about lunchtime.

The network perks up as the afternoon wears on and students and staff leave campus.

Borepatch said...

lee, it's been a long few weeks, and it was one too many too-smart-by-half youngster today.

ASM826, I'm sure that the Cisco sales rep can help you with more bandwidth ... ;-)

Of course, that's a Denial Of Service on the IT budget.

Opinionated Grump (Rich in NC) said...

...and your gun sucks, and you're holding it wrong
Rich in NC