Full Disclosure mailing list archives
Re: [Professional IT Security Providers - Exposed] QuietMove ( D - )
From: "Andre Gironda" <andreg () gmail com>
Date: Mon, 31 Dec 2007 20:36:49 -0700
On Dec 31, 2007 2:13 PM, secreview <secreview () hushmail com> wrote:
Not sure about our readers, but to us at Secreview that hardly makes Adam an IT Security Expert. But wait, now we have a discrepancy...
Pardon me, but who is this? "secreview"? Who is behind this email address? If you don't identify yourself then I assume that this entire thread is some sort of vengeance play.
According to the QuietMove website, Adam "has over 14 years of experience in information security, software, and product R&D with 8 years being dedicated solely to security." His QuietMove bio goes on to say "Adam's particular talents include penetration testing of web and binary applications, networks, systems, and SCADA, "social engineering" and physical penetration of facilities, and in developing professional services offerings." This just doesn't add up.
I can vouch for Adam's 14 years of experience and then some. When I met Adam in 1992, he already had a strong command of Unix security. He was an administrator (1 of 4 total over 7 years) of Unphamiliar Territories (UPT), a vulnerability research BBS that ran from 1989 - 1996. It was a prominent place for information about vulnerability research. Many held it in higher regard than Phrack magazine or any leading website/magazine during that time period. Sites such as PullThePlug, HackThisSite, etc all borrowed ideas from UPT, and the code was re-used and made available in Phrack magazine as well as integrated into the Linux kernel or features thereof. UPT was about 5-6 years ahead of the NSA before they released SELinux and 7-8 years ahead of projects such as GRSecurity. Anyone making such an enormous contribution to this sort of project has certainly provided a greater service to our industry than a "secreview"/company-bashing organization such as yourself.
Anyway, remember we didn't set out to bash anyone here
Well then you should read your email before you hit the "send" button.
but Adam/QuietMove put himself/themselves in the line of fire. QuietMove appears to be a very small and disorganized shop. Their website is half-assed and incomplete and we can't say anything better about their talent profile. We suggest that QuietMove complete their website and review their talent profile, then we'll set out to do another review and see if they score better. As of right now, we can't give them more than a D-. We'll keep an eye on their website and redo this review if they ever fix their issues.
Many small businesses such as QuietMove have a hard enough time staying alive in this industry. I suggest you "pick on someone your own size" even if you have a legitimate problem with QuietMove or Adam. Compared to the other companies that you mentioned (Accuvant, IBM/ISS, Pegasus), QuietMove will certainly provide a much more friendly service environment for companies to work in. I would put my recommendation of quality on the work QuietMove does as A+. There are few PCI ASV's or penetration testing companies that I would find any value in -- and QuietMove exceeds my expectations in this area. Cheers, Andre _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) Adam Muntner (Jan 01)
- Re: [Professional IT Security Providers - Exposed] QuietMove ( secreview review: D- ) Adam Muntner (Jan 01)
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) reepex (Jan 01)
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) veda (Jan 01)
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) Adam Muntner (Jan 01)
- <Possible follow-ups>
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) SilentRunner (Jan 01)
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) Andre Gironda (Jan 01)
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) reepex (Jan 01)
- Message not available
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) reepex (Jan 01)
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) coderman (Jan 01)
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) Andre Gironda (Jan 02)
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) reepex (Jan 02)
- Re: [Professional IT Security Providers - Exposed] QuietMove ( D - ) reepex (Jan 01)