Hello Rob,
Am 17.09.2024 um 13:23 schrieb Rob Berendt <robertowenberendt@xxxxxxxxx>:
True. They seemed to dislike both.
Yes. They're security researchers. Their primary point of view is evaluate which facilities can be abused. This sometimes leads to outlandish "security measures" they recommend to be set in place. But it's up to the individual to follow their advice or leave it be.
If a company did their homework, they already have done assessments of possible higher level risks — for the company at large. There might be a list of possible hazards and the likeliness of them occurring. I guess this is part of a viable business plan. Boss tamed, no crude commands from him to implement things which might harm the business more than an actual incident, in the long run.
Said assessment list can be expanded with the possible abuse scenarios the security guys (and pentesters!) find out, evaluate the impact on the company at large and come up with a likeliness of this happening. If one does this with common sense applied, things usually look much less serious than they seem at first glance.
:wq! PoC
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
