RE: Would you bet your life on your security?

["David Gillett" <gillettdavid () fhda edu>]

  Well, now that you've revealed that you are actually
affiliated with the subject operation, instead of letting
us think you're just a fellow professional passing along
a practical tip, I have to agree with Ranjeet.

David Gillett


> -----Original Message-----
> From: simon [mailto:simon () snosoft com]
> Sent: October 2, 2003 14:41
> To: Ranjeet Shetye
> Cc: ericbrow () ziplip com; security-basics () securityfocus com
> Subject: Re: Would you bet your life on your security?
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Neat,
>       I am very happy that I am getting as much input and
> feed back as I am.
> I even appreciate the below message where Ranjeet is telling
> me that I
> am being unprofessional, we all have our opinion... but who
> are we to judge?
>
>       I'll respond in a few sections here, so please tolearte
> the choppy email.
>
> "I'm pretty new to security, but this is discouraged by the ISECOM in
> their most current Open Source Security Testing Methodology Manual,
> p. 18, "2. The offering of free services for failure to penetrate or
> provide trophies from the target is forbidden"
>
>       Let me make this very simple for you.  If you bring
> your car into a
> shop and they find no problems do you want to pay for a brake
> job, and
> new ball joints?  If we find vulnerabilities then we will
> help you fix
> them.  If we don't, then you haven't spent a dime. What you
> seem to be
> proposing is that you spend money regardless of the work
> done? Hey, send
> some checks my way...
>
>
>
> Moving on...
>
> > Actually, no respectable professional really advertizes
> his/her services
> > in a forum where other professionals are reading/teaching/learning
>
>       I'm sorry if I've offended you.  So far you seem to be
> the first person
> thats been offended by this. So tell me, why don't "respectable
> professionals" send helpful offerings to mailing lists? I'd be very
> interested in understanding your reason.
>
>
> > unless its something specially setup for the purpose of advertizing
> > one's needs/wants e.g. the security-jobs mailing list. I
> think that's
> > standard etiquette for mailing lists.
>
>
> > On these grounds, I find Simon's advertizing pretty unprofessional -
> > despite the solid reasons (or FUD ?) given as to why
> insecure networks
> > can cause a financial liability. I wish he had chosen a
> more objective
> > and less FUD approach. Right subject matter, wrong approach - IMHO.
>
> I am sorry that you find the post unprofessional, but again,
> thats not
> really important.  What is important is that what I wrote was 100%
> factual and true.  Our services are also highly effective,
> 100% factual,
> and 100% true.  Why?  Well thats simple.  If we work with
> facts and not
> FUD or hype, then we are offering our clients the best possible
> solutions.  Whats wrong with that?
>
> > But to object on the grounds that 'ISECOM' forbids it is
> difficult to
> > understand. The word 'forbid' is too strong, dont you think
> ? How can
> > you 'forbid' anyone from doing legal things in a free
> country ?? esp.
> > considering the 'stubborn' profile that most people from the infosec
> > industry have!! (by stubborn I mean it in a good sense,
> i.e. you have
> > continued banging your head against the wall till you
> understood things,
> > while others would have walked away from the challenge and
> taken on less
> > demanding jobs).
>
> I think the word that you are looking for is persistent:
>
> per·sis·tent adj.
>
>     1. Refusing to give up or let go; persevering obstinately.
>
>
>
> Hope this helps...
>
> - --
> Regards,
>          -simon-
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE/fJtuf3Elv1PhzXgRAiQEAJ9UHtk1UKIMnOnWxtNbKX7V4b+oiQCdEm4o
> UyveEiQE6c29nYmeZhqdNfc=
> =v36c
> -----END PGP SIGNATURE-----
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------