Security Basics mailing list archives

Re: Would you bet your life on your security?


From: simon <simon () snosoft com>
Date: Thu, 02 Oct 2003 17:41:02 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Neat,
I am very happy that I am getting as much input and feedback as I am. I even appreciate the below message where Ranjeet is telling me that I am being unprofessional; we all have our opinion... but who are we to judge?

        I'll respond in a few sections here, so please tolerate the choppy email.

"I'm pretty new to security, but this is discouraged by the ISECOM in
their most current Open Source Security Testing Methodology Manual,
p. 18, "2. The offering of free services for failure to penetrate or
provide trophies from the target is forbidden"

Let me make this very simple for you. If you bring your car into a shop and they find no problems do you want to pay for a brake job, and new ball joints? If we find vulnerabilities then we will help you fix them. If we don't, then you haven't spent a dime. What you seem to be proposing is that you spend money regardless of the work done? Hey, send some checks my way...


Moving on...

Actually, no respectable professional really advertizes his/her services
in a forum where other professionals are reading/teaching/learning

I'm sorry if I've offended you. So far you seem to be the first person that's been offended by this. So tell me, why don't "respectable professionals" send helpful offerings to mailing lists? I'd be very interested in understanding your reason.


unless its something specially setup for the purpose of advertizing
one's needs/wants e.g. the security-jobs mailing list. I think that's
standard etiquette for mailing lists.


On these grounds, I find Simon's advertizing pretty unprofessional -
despite the solid reasons (or FUD ?) given as to why insecure networks
can cause a financial liability. I wish he had chosen a more objective
and less FUD approach. Right subject matter, wrong approach - IMHO.

I am sorry that you find the post unprofessional, but again, that's not really important. What is important is that what I wrote was 100% factual and true. Our services are also highly effective, 100% factual, and 100% true. Why? Well, that's simple. If we work with facts and not FUD or hype, then we are offering our clients the best possible solutions. What's wrong with that?

But to object on the grounds that 'ISECOM' forbids it is difficult to
understand. The word 'forbid' is too strong, don't you think? How can
you 'forbid' anyone from doing legal things in a free country?? esp.
considering the 'stubborn' profile that most people from the infosec
industry have!! (by stubborn I mean it in a good sense, i.e. you have
continued banging your head against the wall till you understood things,
while others would have walked away from the challenge and taken on less
demanding jobs).

I think the word that you are looking for is persistent:

per·sis·tent adj.

   1. Refusing to give up or let go; persevering obstinately.



Hope this helps...

- -- Regards,
        -simon-

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/fJtuf3Elv1PhzXgRAiQEAJ9UHtk1UKIMnOnWxtNbKX7V4b+oiQCdEm4o
UyveEiQE6c29nYmeZhqdNfc=
=v36c
-----END PGP SIGNATURE-----
