Penetration Testing mailing list archives
RE: Ethical hacker article published
From: "Steve Fletcher" <safletcher () insightbb com>
Date: Thu, 22 Feb 2007 20:46:12 -0600
Craig,

Thank you for the feedback. I appreciate the response. However, I would like to dispute some of the claims in your original email.

I did send an email out to the list back in December when I was working on the article in an effort to ensure I included accurate information. Unfortunately, all of the responses I received were off-list, so people such as yourself were not able to refute some of the information that I received if it were inaccurate. That being said, your feedback would have been much more appreciated at that time instead of after the fact.

As for the GCIA and GCIH certifications, the suggestion to include these came from peers on the pen-test list. I was told that the courses include a day covering attacks, so that is why they were added. I have not taken the courses, so I could not confirm or deny this myself.

I also must disagree somewhat with your statements regarding terminology. While you offer a detailed explanation for what things an ethical hacker would and would not do, I have seen other sources with different thoughts on this. Sadly, the security field seems to have many terms that fall into this area. For example, I have seen people do a "penetration test" that I would really consider a "vulnerability assessment." I understand that this can be attributed to misconceptions in some cases, but in others, I believe it is more a matter of opinion.

That being said, I totally agree with your statement that such an assessment must look at the internal network as well as physical security. Just protecting a network from the outside still leaves it open to the biggest threat of all, an inside attacker. I try to stress this whenever I am speaking to someone about security. I also realize that this includes both internal network and physical security.

Finally, I fully understand the statement regarding editorial review. To be perfectly honest, I do not believe many editors at Certification Magazine are highly technical, especially with regards to security topics. Therefore, I do not expect them to do a serious technical review of any articles submitted. In addition, many times, the articles are not overly technical, so this is often not a problem. I also am not sure why they started using the editor address instead of a specific address for each author. That is very misleading.

If time had permitted, I would have submitted the article for peer review, but I was given the assignment with a fairly short notice. I tried to do what I could to produce as accurate an article as possible given the time constraints and the sources available. I am sorry you feel that it was inaccurate.

Steve Fletcher
MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, Security+
Email: safletcher () insightbb com
Web: http://safletcher.home.insightbb.com

-----Original Message-----
From: Craig Wright [mailto:cwright () bdosyd com au]
Sent: Thursday, February 22, 2007 4:40 PM
To: Craig Wright; pen-test () securityfocus com
Cc: Steve Fletcher
Subject: RE: Ethical hacker article published

Next, GCIA and GCIH certifications are not designed to aid in pen testing or ethical attacks. They have a different focus.

I do note that the editor association is a generic with all Certmag articles which I missed in the last post - being that this is not something I would generally read. So I apologise for this error in my prior post.

Regards,
Craig S Wright
Current thread:
- Ethical hacker article published Steve Fletcher (Feb 21)
- <Possible follow-ups>
- RE: Ethical hacker article published Craig Wright (Feb 23)
- RE: Ethical hacker article published Steve Fletcher (Feb 23)
- RE: Ethical hacker article published Craig Wright (Feb 23)
- RE: Ethical hacker article published Clement Dupuis (Feb 25)
- RE: Ethical hacker article published dfullerton (Feb 26)
- RE: Ethical hacker article published Clement Dupuis (Feb 28)