On Fri, Feb 25, 2011 at 8:56 PM, Aaron Toponce
<aaron.toponce@gmail.com> wrote:
On 02/25/2011 06:35 PM, shawn wilson wrote:
> however, if you are a restaurant with a small web site, you are probably
> not getting that many visitors in the first place (defacement isn't
> going to cost you much), you probably aren't taking in data (no
> disclosure of loss of pii required), maybe you don't even have any form
> fields (no sql injection, xss, xsrf, etc), maybe you even host it with a
> hosting company so they've got their own security. so, you've got decent
> security by default and you're losses would be minimal. so, you'd be
> stupid to spend tons of money on securing your web page.
Remind me not to hire you as my administrator. A small business is
likely to lose much, much more when targeted with an attack than a
global empire. Funds are usually tight, good technical expertise is hard
to come by, and coming back from a compromise costs more time and energy
due to limited resources than a mega corporation.
i agree, it would seem that one of us would probably kill the other if faced with that :)