On Fri, Feb 25, 2011 at 8:56 PM, Aaron Toponce <aaron.topo...@gmail.com>wrote:
> > On 02/25/2011 06:35 PM, shawn wilson wrote: > > however, if you are a restaurant with a small web site, you are probably > > not getting that many visitors in the first place (defacement isn't > > going to cost you much), you probably aren't taking in data (no > > disclosure of loss of pii required), maybe you don't even have any form > > fields (no sql injection, xss, xsrf, etc), maybe you even host it with a > > hosting company so they've got their own security. so, you've got decent > > security by default and you're losses would be minimal. so, you'd be > > stupid to spend tons of money on securing your web page. > > Remind me not to hire you as my administrator. A small business is > likely to lose much, much more when targeted with an attack than a > global empire. Funds are usually tight, good technical expertise is hard > to come by, and coming back from a compromise costs more time and energy > due to limited resources than a mega corporation. > > > i agree, it would seem that one of us would probably kill the other if faced with that :) i'll agree to disagree
