Security Basics mailing list archives
Re: Would you bet your life on your security?
From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: Thu, 02 Oct 2003 13:16:23 -0700
On Wed, 2003-10-01 at 19:04, Eric Brown wrote:
Hello Simon,

I'm pretty new to security, but this is discouraged by the ISECOM in their most current Open Source Security Testing Methodology Manual, p. 18, "2. The offering of free services for failure to penetrate or provide trophies from the target is forbidden." I wouldn't know this if I hadn't just read it though.

Eric

-----Original Message-----
From: simon [mailto:simon () snosoft com]
Sent: Wednesday, October 01, 2003, 4:18 PM
To: security-basics () securityfocus com
Subject: Would you bet your life on your security?

All,

I'm not sure how many of you have had good security audits in the recent past so I thought I'd show you this. In summary Secure Network Operations, Inc. will do an external security audit of your network for approx $1000.00. If they don't find any vulnerabilities, then the audit is FREE and they send you a letter of validation. If they do find vulnerabilities, then they charge you and send you a formal report that details their finds and grades your network. Given some of the new laws that have been passed this seems like a pretty good service and a VERY cheap way to validate your company's security. Secure Network Operations also has a flawless track record and has the references to prove it.

Why do I think this is a good idea? Well, the California identity theft law (Civil Code 1798.82) and the new federal banking regulations are two reasons. They both make disclosure of a compromise MANDATORY. You need to tell ALL of your clients, by law, that you have been compromised and that their identities may have been stolen.

So anyway, I'll shut up. For those of you that are interested check out the link below. For those of you that aren't, I'm just trying to help people out so don't flame me or I'll /dev/null your mail.

http://www.secnetops.com/pesa-form_html.html
Their web site is: http://www.secnetops.com

--
Regards,
-simon-

To do is to be. -Socrates
To be is to do. -Sartre
Do be do be do. -Sinatra

Actually, no respectable professional really advertises his/her services in a forum where other professionals are reading/teaching/learning unless it's something specially set up for the purpose of advertising one's needs/wants, e.g. the security-jobs mailing list. I think that's standard etiquette for mailing lists. On these grounds, I find Simon's advertising pretty unprofessional - despite the solid reasons (or FUD?) given as to why insecure networks can cause a financial liability. I wish he had chosen a more objective and less FUD approach. Right subject matter, wrong approach - IMHO.

But to object on the grounds that 'ISECOM' forbids it is difficult to understand. The word 'forbid' is too strong, don't you think? How can you 'forbid' anyone from doing legal things in a free country?? esp. considering the 'stubborn' profile that most people from the infosec industry have!! (by stubborn I mean it in a good sense, i.e. you have continued banging your head against the wall till you understood things, while others would have walked away from the challenge and taken on less demanding jobs).

--
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/

The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys.