Security Basics mailing list archives
RE: Would you bet your life on your security?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 2 Oct 2003 10:28:46 -0700
There's a truism to the effect that the only secure machine is unusable. So if this outfit has any competence at all they *will* find vulnerabilities in any useful network. The more critical question is, can they find vulnerabilities that the organization does not consider an acceptable risk associated with being in business. Since different organizations have different tolerances for risk, this may be hard to guess up front -- I doubt they're willing to bet on THAT. David Gillett
-----Original Message----- From: Eric Brown [mailto:ericbrow () ziplip com] Sent: October 1, 2003 19:04 To: simon; security-basics () securityfocus com Subject: Re: Would you bet your life on your security? Hello Simon, I'm pretty new to security, but this is discouraged by the ISECOM in their most current Open Source Security Testing Methodology Manual, p. 18, "2. The offering of free services for failure to penetrate or provide trophies from the target is forbidden." I wouldn't know this if I hadn't just read it though. Eric-----Original Message----- From: simon [mailto:simon () snosoft com] Sent: Wednesday, October 01, 2003, 4:18 PM To: security-basics () securityfocus com Subject: Would you bet your life on your security? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, I'm not sure how many of you have had good securityaudits in therecent past so I thought I'd show you this. In summarySecure NetworkOperations, Inc. will do an external security audit of yournetwork forapprox $1000.00. If they don't find any vulnerabilities,then the auditis FREE and they send you a letter of validation. If they do find vulnerabilities, then they charge you and send you a formalreport thatdetails their finds and grades your network. Given some of the new laws that have been passed thisseems like apretty good service and a VERY cheap way to validate your companies security. Secure Network Operations also has a flawlesstrack record andhas the references to prove it. Why do I think this is a good idea? Well, the Californiaidentity theftlaw (Civil Code 1798.82),The new federal bankingregulations are tworeasons. They both make disclosure of a compromiseMANDITORY. You needto tell ALL of your clients, by law, that you have beencompromised andthat their identities may have been stolen. So anyway, I'll shut up. For those of you that areinterested check outthe link below. For those of you that arent, I'm justtrying to helppeople out so don't flame me or I'll /dev/null your mail. http://www.secnetops.com/pesa-form_html.html Their web site is: http://www.secnetops.com - -- Regards, -simon- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/e0/Nf3Elv1PhzXgRAqczAJ9jLoYmBi1aCs6DA49cB7nusXhv2QCgzeF6 0kewAu0Xz4t6+F5Px6kfKc8= =9AWM -----END PGP SIGNATURE------------------------------------------------------------------- --------------------------------------------------------------------------- --------------To do is to be. -Socrates To be is to do. -Satre Do be do be do. -Sinatra -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Would you bet your life on your security? simon (Oct 01)
- Re: Would you bet your life on your security? Jimi Thompson (Oct 10)
- <Possible follow-ups>
- Re: Would you bet your life on your security? Eric Brown (Oct 02)
- RE: Would you bet your life on your security? David Gillett (Oct 02)
- Re: Would you bet your life on your security? simon (Oct 06)
- Re: Would you bet your life on your security? Ranjeet Shetye (Oct 02)
- Re: Would you bet your life on your security? simon (Oct 02)
- Re: Would you bet your life on your security? David Moisan (Oct 03)
- RE: Would you bet your life on your security? David Gillett (Oct 03)
- RE: Would you bet your life on your security? David Gillett (Oct 02)
- RE: Would you bet your life on your security? MacDougall, Shane (Oct 03)
- RE: Would you bet your life on your security? MacDougall, Shane (Oct 03)
- RE: Would you bet your life on your security? David Gillett (Oct 06)
- Re: Would you bet your life on your security? simon (Oct 06)
- RE: Would you bet your life on your security? David Gillett (Oct 06)