Full Disclosure mailing list archives
Re: Paul Asadoorian of PaulDotCom Enterprises / Podcast is ridiculous
From: Trevow Andrews <trevorandrws3456 () yahoo com>
Date: Thu, 2 Oct 2008 10:05:32 -0700 (PDT)
Damn Tor... this is the full message

I just listened to a bunch more recent episodes. The episodes are horrible. Paul Asadoorian is a horrible interviewer. A bunch of us were out in Vegas last night and we found a few more people who read the comment on Full Disclosure. We were all talking about Pauldotcom and how we think Larry is getting the shit end of the stick. Who names a company after themselves? Never mind DotCom in the title. This isn't 1994 anymore. We clearly saw from his embedded device talk that he doesn't know what he's talking about.

Has ANYONE of you fanboys actually listened to his podcast? It's just ridiculous. This guy is the biggest fake, no surprise he's involved with SANS or has a podcast. If anyone has ever hung out in his IRC channel or been to his Forum you'll see that it is nothing but idiots asking questions about MetaSploit GUI or Nessus. This stuff bothers me.. that there are people out there. Pauldotcom is the AmWay of security, and everyone who listens to him is part of the pyramid scam.

For those who defend him against his book. I looked around and found Mike Baker the author of Kismet gave his book a negative review pointing out inaccuracies and problems with the book. Paul pretty much copied and pasted most of the book without checking if commands were right. None of these problems pointed out by the author of the subject of his book are listed in his Errata on his website. I don't know who does his website but it's retarded and looks like a 12 year old did it, so I assume Paul did it himself.

http://www.amazon.com/review/product/1597491667/ref=cm_cr_dp_hist_3?_encoding=UTF8&filterBy=addThreeStar

First of all, it would seem all kamikaze releases were just snapshots of the SVN. If Paul just worked with the authors of OpenWrt they could have timed the book release with the release of a kamikaze snapshot. If you look at the dates of Kamikaze releases and when Paul's book came out you'll see they were less than a month apart.

When the book came out White Russian development seemed to have ended. So either Paul didn't bother to check with or work with the authors of OpenWrt or he made some poor decisions. Either way there is no excuse. Kamikaze was in SVN for like 2 years before the snapshot came out with no real changes, the book could have covered Kamikaze without any issues. I'm no OpenWrt expert but just looking at the dates on the OpenWrt page tells me it could have been done. But whatever.

I'm sitting here in this shitty class right now. Forensics. I see Paul running around from time to time and I think he's seen my message. I wonder if he's tried to look me up at the SANS registration. I think it would be funny if he confronted me about my comments.

--- On Wed, 10/1/08, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:

From: Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu>
Subject: Re: [Full-disclosure] Paul Asadoorian of PaulDotCom Enterprises / Podcast is ridiculous
To: "Trevow Andrews" <trevorandrws3456 () yahoo com>
Cc: full-disclosure () lists grok org uk
Date: Wednesday, October 1, 2008, 8:29 PM

On Wed, 01 Oct 2008 08:59:16 PDT, Trevow Andrews said:
No real research has even come out of Paul and Larry
And? So? You *do* realize that "kick-ass researcher" doesn't directly imply "kick-ass teacher", right? Quite often, the best researchers make *really bad* teachers, because the same autism-spectrum and ADD issues that allow them to focus on things when researching mean they *suck* at presentations. If you've ever been to college, and gotten somebody who's got a zillion papers published, but the class sucks because they can't lecture well, you've seen this in action.

The second issue is that teaching chews incredible amounts of time, and directly impacts how much, if any, research you do - if you're on the road 3 weeks of the month teaching, I guarantee that you'll not get much done the other week. Sure, you may have spent 3 weeks teaching a *lot* of people a *lot* of material, and had them all actually remember it - but your research schedule takes a hit.

The third thing to keep in mind is that "bleeding edge" doesn't always (and in fact rarely, if ever) correspond to what's out in the real world. OK, so you're peeved because the guy talked about WRT54G and didn't cover Kamikaze. Have you bothered to actually *check* what the relative percentages *actually in use* are? Yeah, Kamikaze may be cool, shiny, and uber-leet - but if it's only got 5% market share and WRT54G has 95%, maybe he shouldn't be spending a lot of time covering Kamikaze.

Yes, SANS presentations often lag behind what's the cutting edge - but they're teaching people about stuff they're likely to actually encounter. When they send new cops to police school, they rarely spend lots of time on how to pull over a Ferrari, but they're hopefully going to learn a *lot* about all the little details of pulling over a pickup truck (where to look for stuff in "plain sight", where weapons may be stashed, etc). Why? Because they're going to be pulling over dozens of pickup trucks a week, and maybe *once* in their lifetime they're going to get to pull over a Ferrari.

You remember that big horrible DNS hole from a few weeks ago? How many have you seen in the wild so far? And how many systems have you seen that have actually gotten whacked with a 4-year-old SQL exploit? Yep, thought so.

(For all I know, these guys may indeed be sucky presenters *and* sucky researchers - but I'm getting tired of the meme that it has to be taught by a "leading researcher" for it to be of use - especially when you're trying to teach nuts-n-bolts security to Joe Corporate. And if you think it's that easy to teach - start doing it. Undercut SANS, charge only $1000 per head, teach a class of 20 a week. You're looking at $80K of income *a month*. Now ask yourself why there aren't *more* people doing it...)