Full Disclosure mailing list archives
Re: [Professional IT Security Providers - Exposed] Audit Serve, Inc. ( F- )
From: "SilentRunner" <silentrunner () hushmail com>
Date: Fri, 21 Dec 2007 12:15:05 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So, because I disagree strongly with your actions I must be the subject of your review? Clearly, your progenitors were swimming in the shallow end of the gene pool when they set about screwing your sorry excuse for a brain into existence. You obviously didn't understand the salient points of my reponse, so lets try it again: . It is perfectly possible to create a complex system and offer it to customers cheaply, even if the volumes are not enough to cover ones costs. This is known as loss leading, and as I explained, is a reasonable way to upsell more comprehensive and therefore more costly services. This sort of thing is Sales and Marketing 101 and should be quite obvious to even your neuron-challenged grey-matter. . You gave an F for poor quality service (your words), without buying a service. QED. It is quite obvious that the "we" you refer to is just you and the reviews you are purporting to offer are simply a transparent way of getting something published to help you apply for a job. So, with that in mind, consider this: What potential employer is going to consider your "published works", when the entire (mercifully so far only one) collection is to be reviews of goods and services you have not actually seen or received. At this point, the unutterable stupidity of this is so monumental that a cogent analogy of the requisite gravity escapes me. Finally, your last quote is priceless: "Not even sure why people would use your service instead of going direct to Qualys." It's called re-selling. Go back to school skiddie, you have no place here and no place in the trade. SR On Tue, 18 Dec 2007 18:07:03 +0000 SecReview <secreview () hushmail com> wrote:
It is not highly possible that they have developed a high quality automated tool that covers all the basis because their price points are not high enough to afford them a good development team. In conjunction, they clearly advertise the use of QualysGuard all over their website which is not their own tool. It is more likely that they are a "rubber stamp shop of approval" that make a buck by enabling their customers to put a "check in the box". Frankly, thats not security, thats even a a disservice. They
are for all intents and purposes selling a false sense of security
to customers who don't know any better. That said, I'd have to guess that you are Mitchell H. Levine as you've taken this post so personally. If you are, then why don't you improve the quality of your service offerings so that we can give you a better review. As it stands, you've received an F- because of the poor quality of your service. Not even sure why people would use your service instead of going direct to Qualys. Cheers On Tue, 18 Dec 2007 05:39:48 -0500 SilentRunner <silentrunner () hushmail com> wrote:Are you an idiot? It is certainly more than possible that Audit Serve are a low quality one-size-fits-all merchant. It is also equally possible that they have developed a high quality automated tool thatcoversall the basics and provides them a lead to upsell more advanced services. That's business, you get what you pay for. You don't know because you read their website with the critical eye of a self-important nerd, trying to be something you aren't (IE professional). You might as well write a car review by readingthefinancial reports of the car manufacturer. What you should have done at the very least is purchased their service and asked them to test elements of your pre-configuredandproperly baselined honey-net against known criteria. I'm guessing that your student loan doesn't stretch beyond partying or you might have produced something useful, muppet. SR On Mon, 17 Dec 2007 20:46:59 +0000 secreview <secreview () hushmail com> wrote:We found Audit Serve, Inc., run by Mitchell H. Levine, by searching for "Penetration Testing" on Google. Audit Serve, Inc. offers,ISAuditing, Integrated Auditing, Sarbanes-Oxley Implementation Services, Sarbanes-Oxley Ongoing Compliance Services, PCI, Security andInternet Vulnerability Assessment & Penetration Testing Services.Ourfirstimpression of Audit Serve, Inc. was that they were a "rubberstampof approval" shop that offers services that will do nothing totrulyraise your proverbial security bar but will let you fill in your security checklist. This impression was made so quickly because of the $495.00 price quote on their main page. It reads "Internet Vulnerability Assessment & Penetration Testing starting at $495". (Just as an FYI, it is impossible to perform any human driven professional security services for that price. The cost of talent is simply too high.)When digging into their services we quickly realize that our initial impression of Audit Serve was accurate. They are in fact a"rubberstamp of approval" shop. Their security service deliverables appear to be the product of automated scanners (QualysGuard) and not the product of human talent. This also coincides with them being able to offer "Internet Vulnerability Assessment & Penetration Testing" services starting at $495, as no human element is incorporated into the deliverable based on what we saw.If you do not care about the security of your IT Infrastructure, and only want to get the "rubberstampof approval" then Audit Serve, Inc. is your one stop shop. If ontheother hand you do care about the security of your IT infrastructure, then we'd suggest finding a different provider.Grade Note:We'regivingAudit Serve an F- for two reasons. The first reason is that theyappearto be in the Information Security business to make a buck by providing people with the "rubber stamp of approval". In doing so they areactuallydoing a disservice to the IT community, and the IT Security Community. The second reason why we are giving them an F- is because their security services appear to use no human element and relystrictlyon automated scanning (QualysGuard). If you feel that this grade is too harsh, let us know. -- Posted By secreview to Professional IT Security Providers - Exposed at 12/17/2007 10:28:00 AMRegards, The Secreview Team http://secreview.blogspot.com Professional IT Security Service Providers - Exposed -- Shop & save on a huge selection of quality mission furniture. Click here! http://tagline.hushmail.com/fc/Ioyw6h4daiHFeuHUeohvVNbQT8OANHyl3DaE
rNijfwC5PbLUjm0sMv/
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkdrrhQACgkQBGNKW24YMAdfGwP+NUVMC6Om92+War+aO8BxQXMkNy9i tsiRAcSs+XRCR9zgXzvUMWmb6t0BHHJdnsowtwfju83xRVxqDYOgF8BKH0C5WXD+o9Aa JSqSY/kcWY1X4HxwKhetonnbkwuSrW1DzdufLu9juK/xS0PqkLvcjbiXQRP+CiwFHpV7 2lsQDZ4= =g1mO -----END PGP SIGNATURE----- -- Click for top financial advice. Reduce debt & save for retirement. http://tagline.hushmail.com/fc/Ioyw6h4d76ClmQ4GHvrlmtE1vDTk21T4Q55JP1kX2zuiMZ1YpFx2oo/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [Professional IT Security Providers - Exposed] Audit Serve, Inc. ( F- ) SilentRunner (Dec 18)
- <Possible follow-ups>
- Re: [Professional IT Security Providers - Exposed] Audit Serve, Inc. ( F- ) SecReview (Dec 18)
- Re: [Professional IT Security Providers - Exposed] Audit Serve, Inc. ( F- ) Mike Vasquez (Dec 18)
- Re: [Professional IT Security Providers - Exposed] Audit Serve, Inc. ( F- ) SilentRunner (Dec 21)