Re: Will the real hacker please stand up and raise their hand

[Mark Teicher <mht3 () earthlink net>]

FWD:

This would make a great panel talk at BlackHat or DEFCON??  :) Kind of reminds me of that talk at BlackHat 2002 "Why 
blah kiddies s***"..



-----Original Message-----
From: isn-bounces () infosecnews org [mailto:isn-bounces () infosecnews org] On Behalf Of InfoSec News
Sent: Tuesday, July 18, 2006 1:47 AM
To: isn () infosecnews org
Subject: [ISN] UPDATE: Can You Ever Trust A Hacker? UBS Trial Puts It To ATest 

http://www.informationweek.com/security/showArticle.jhtml?articleID=190400435

By Sharon Gaudin 
InformationWeek 
July 17, 2006

After 20 years in computer security, including 11 in the financial 
services industry, Karl Kasper is being vilified as a dangerous man.

Over the past month, in the trial of former UBS PaineWebber system admin 
Roger Duronio, Kasper has been attacked by the defense because of his 
background as a computer hacker and his role in UBS's investigation of the 
attack. The lawyer for Duronio, defending him against charges that he 
sabotaged UBS PaineWebber's trading network four years ago, asserted that 
hackers can't be trusted to do a credible investigation. Kasper says the 
defense team is just desperate. (A verdict is expected this week.)

Regardless of the outcome, Kasper's involvement in the case raises anew 
important questions about whether ex-hackers should be hired for their 
information security expertise.

Kasper got involved with UBS PaineWebber days after the "logic bomb" was 
detonated. UBS hired his company, @Stake, to conduct the initial forensic 
analysis. Kasper has impressive security credentials. He helped found 
@Stake and has testified in front of a Senate committee about security 
issues; he's since left @Stake and works as a VP in IT security at 
JPMorgan Chase, not the first financial services firm at which he's 
worked. Still, he's being haunted by his time as a member of the L0pht, a 
hacker group that achieved star status in the 1990s.

The defense in the Duronio trial made much of the fact that in the 
computer industry, Kasper goes by the pseudonym John Tan. Is that akin to 
a writer using a pen name--Kasper treats it as more of a marketing brand 
name--or is it a sign of something devious below the surface of business 
suits and board meetings?

It's a question that has been asked before as hackers left their black 
T-shirts and ponytails behind and entered the mainstream to cash in on 
their technical savvy. As they worked away in their cubicles, many people 
forgot they had once poked at systems and applications, looking for flaws 
that would leave people and companies open to attack. Many still do those 
same kinds of penetration tests, only now they do it for a regular 
paycheck and a 401(k).

Back in their hacker days, did any of them ever use the holes they found 
to break into systems, peek at private information, or even cause damage? 
In some cases, yes. But it's unfair and inaccurate to say they all did.

Having hackers work at computer security companies or as IT consultants 
generally elicits one of two responses: It's the smartest thing you can 
do, or what the hell are you thinking?

"It's generally a bad idea to bring in old hackers because they have 
habits that are hard to break," says Alan Paller, director of research at 
security researcher the SANS Institute. Yet when it comes to dissecting a 
possible computer crime scene, Paller sees value. "Somebody who has broken 
into computers is more likely to see the evidence of a break-in," he says. 
"For forensics, when they are tightly managed, it's a great idea.'' Still, 
Kasper's involvement with the L0pht would raise extra questions in 
Paller's mind about giving him access to production systems and live data. 
There's a clear distinction between hackers and computer criminals, even 
if that's not widely recognized, says Jeff Moss, director of Black Hat 
(owned by CMP Technology, publisher of InformationWeek), which runs 
computer security conferences and training events. "You have good hackers 
and bad hackers, just like you have good plumbers and criminal plumbers," 
says Moss, who describes as "totally silly" the trial jabs at Kasper. 
"They say John Tan is an evil hacker, yet he's never been arrested or 
charged with anything."


Threat or Scapegoat?

Indeed, Kasper hasn't ever been charged with writing malware, damaging a 
computer network, or even penetrating an unsuspecting system. On the 
contrary, he has spoken at the SANS Institute and at several universities, 
including the MIT Summer Security Camp.

Yet Chris Adams, the defense lawyer in the Duronio trial in federal court 
in Newark, N.J., pinned much of his client's defense on calling into doubt 
any backup tapes, coding, and mirror images that Kasper touched. Much of 
Duronio's future is riding on whether a jury believes that a hacker--black 
or white hat--is a bad person, capable of accidentally or intentionally 
undermining an investigation. Jurors were still deliberating the case late 
last week. (Look for the latest trial updates at InformationWeek.com.)

Kasper says he protected all the evidence he handled and did a responsible 
job investigating the March 4, 2002, attack, which deleted all files from 
nearly 2,000 servers at the company. But he admitted that @Stake at times 
had to convince some clients that there was nothing to worry about. "It's 
something @Stake had to fight," Kasper says. "It's a very knee-jerk 
reaction. Unless you hire people with a deep understanding [of systems and 
security], what are you getting?"

The L0pht's reputation certainly contributes to the mystique. The group, a 
seven-man fraternity, held tech jobs during the day and met in a warehouse 
at night to challenge their hacking skills. They spent much of their time 
amid an assortment of hard drives, cables, and empty pizza boxes trying to 
exploit security flaws in widely used operating systems and software 
packages. L0pht members weren't known for wreaking havoc on company 
systems. They promoted themselves as a consumer watchdog group, the Robin 
Hoods of tech, exposing and fixing hidden flaws.

In February 1999, members of the L0pht reported finding a vulnerability in 
Windows NT. The flaw would allow any NT user to take administrator-level 
control of the computer. The group alerted the public and Microsoft, which 
released a security advisory and a fix. But while they were issuing alerts 
for software flaws and painting themselves as white hats, they also issued 
L0phtCrack, a password-cracking tool for Windows NT. At the time, 
L0phtCrack was believed to be one of the most widely distributed hacking 
tools. However, it also could be used to benefit a company's IT 
department. In fact, Microsoft advised customers in a 1998 security 
bulletin to consider evaluating a tool such as L0phtCrack to check the 
quality of users' passwords.

Does any of this make Kasper, or any of the other members of the L0pht, 
part of the "murky underworld of cybercrime," as the defense called them 
repeatedly throughout the trial?

When a reporter put the question to him, Kasper laughed at the suggestion. 
''I don't see them calling me to the stand," he said. "I'd say the Senate 
and the White House wouldn't have invited us in if we were that shady.''


Plagiarism Raised As Another Issue

Someone else in the forensics community who wasn't called to the stand was 
Michael Michalowicz, a partner at Protiviti, the company the Duronio 
defense team hired to do its forensics investigation. Kevin Faulkner, a 
senior consultant with Protiviti, did the investigation and acted as a 
defense witness in court. Michalowicz is his supervisor, reviewing 
Faulkner's forensics analysis and signing off on his ultimate report.

Michalowicz was on the defense's potential witness roster but he never was 
called to the stand. Faulkner did take the stand. He was the defense's 
first of only two witnesses called. Once the government had a chance to 
cross-examine Faulkner, the prosecutor quickly began questioning the 
forensics investigator about his boss. After asking Faulkner about 
Michalowicz's level of participation in the case, Assistant U.S. Attorney 
Mauro Wolfe directly asked him if he knew his boss had plagiarized an 
article.

The judge wouldn't allow the evidence into the case but the prosecution 
was pointing to the fact that Michalowicz had an article, entitled Data 
Forensics--In Search of the Smoking Gun, published by the Boston College 
Law School: Intellectual Property and Technology Forum in March 2005. A 
longer version of the same article, similarly entitled Data Forensics--The 
Smoking Gun May be a Click Away, was published in the New Jersey Law 
Journal on Sept. 13, 2004 with the byline Paul G. Lewis.

While Michalowicz's article was longer than Lewis', they were highly 
similar. The first sentence in the Lewis article reads: "The term 'data 
forensics' suggests a high-tech process reserved only for cases centered 
around proprietary technology." The first sentence in the Michalowicz 
article reads: "The term 'data forensics' sounds like a high tech process 
reserved only for those select cases encompassing proprietary technology." 
The second sentences are identical. The similarities--or outright 
duplicate phrases--continue throughout the pieces.

When questioned about it, a spokesperson for Protiviti said the article is 
the property of the company so any of Protiviti's partners can put their 
name on it. She said the article was the "intellectual property of the 
firm."

But that begs the question of whose ideas they are and why Michalowicz 
would have an article published under his own name when it had been 
published under someone else's name a full year earlier. In a court case 
where the reliability and trustworthiness of the security companies 
involved came into such dramatic play, such a move might make the waters 
even murkier.


Name That Hacker

In the current trial, defense attorney Adams repeatedly pointed out that 
Kasper used the Tan pseudonym when dealing with U.S. Secret Service agents 
investigating the attack on UBS. He even signed official forensic 
documents, such as chain-of-custody documents for evidence, as John Tan.

Greg O'Neil, the lead Secret Service agent on the case, testified during 
the first weeks of the trial that he hadn't been aware until late 2004 or 
early 2005 that John Tan was not his real name. "He lied to you about the 
most basic information," Adams asserted during O'Neil's cross examination.

Kasper says he was up front with the Secret Service about the fact that he 
uses two names and would be going by John Tan during the UBS 
investigation. He says he made a point of bringing it up during his first 
meeting with Secret Service agents. O'Neil testified he was out of the 
office the day of that meeting and was brought in for subsequent meetings.


Brand Name

"When we get involved [in investigations], we use the pseudonyms," Kasper 
says, "but we're open and more than willing to share our real identities." 
Kasper, who says he even has credit cards under his Tan name, began using 
the pseudonym when he was in the L0pht, which tested various products and 
offered critical reviews. It was a way to protect his employer at the time 
(a financial institution that he declined to name) from vengeful tactics 
by IT vendors in the event they were angered by unfavorable reviews.

Now, the name has market value. "The public works that I put out in the 
security field were under my pen name, and my Senate testimony was under 
my pen name," he points out. "There definitely was a brand name in it. 
When we were building @Stake, part of the idea was to retain the brand 
name we built up in the L0pht. There was absolutely no recognition for the 
real names, so we stuck with the brand."

Kasper also rebutted the defense's suggestions that evidence he handled 
can't be trusted. He says he kept the evidence safe, using 
government-rated classified document containers to lock it away. @Stake 
also maintained chain-of-custody documents and used video surveillance to 
monitor the main entry to the company's office, labs, and document 
containers.

The jury's decisions should shed some light on what tech industry 
outsiders think of people like Kasper. Is prodding software for security 
flaws while operating under an assumed name grounds for lifelong 
suspicion--or front-line training that's perfect for investigating real 
criminals?

Copyright 2005 CMP Media LLC


_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com


-----Original Message-----
> From: "Thor (Hammer of God)" <thor () hammerofgod com>
> Sent: Jul 14, 2006 4:59 PM
> To: Mark Teicher <mht3 () earthlink net>, arian.evans () anachronic com, Untitled <pen-test () securityfocus com>
> Subject: Re: Will the real hacker please stand up and raise their hand
>
> What, the trainers aren't good enough? ;)
>
> T
>
> ---
> New Blackhat Vegas 2006 Training Offered!
> ISA Ninjitsu: 
> Designing, Building, and Maintaining Enterprise Firewall
> and DMZ Topologies with Microsoft ISA Server 2004
> http://www.blackhat.com/html/bh-usa-06/train-bh-us-06-tm-isa.html
>
>
> On 7/14/06 12:46 PM, "Mark Teicher" <mht3 () earthlink net> spoketh to all:
>
> > Anyone on the speaker circuit.. :)
> >
> > -----Original Message-----
> > > From: "Arian J. Evans" <arian.evans () anachronic com>
> > > Sent: Jul 14, 2006 1:29 PM
> > > To: pen-test () securityfocus com
> > > Subject: RE: Will the real hacker please stand up and raise their hand
> > >
> > > I'm sorry, there's good & bad people out there, and I've worked
> > > for the bad kinds of folks Terry described, and while I could
> > > fill pages with sadly amusing anecdotes: that's life.
> > >
> > > There's also good folks out there to work for/with, and you
> > > simply have to look a little harder to find them.
> > >
> > > Yes, shameless self-promotion and over-committal BS wins most
> > > of the time; you should hear my friends in the pharmaceutical
> > > industry rant about this *same* subject. Except, they have
> > > a heck of a lot more Riding on their management's mistakes
> > > than an unfixed XSS or CSRF.
> > >
> > > Nothing unique about our industry vs. say accounting, except
> > > maybe about 600 years of formalized practice.
> > >
> > > I've gotten to sit beside PHD's who talk all day about network
> > > security concepts, but cannot run a sniffer to save their life,
> > > and I've worked with folks who would pick the PHD over the
> > > experienced professional to run the sniffer every time. </shrug>
> > >
> > > So if it bugs you, go get a PHD and be both.
> > >
> > > Mark: I am curious though, I'm headed to BlackHat next month,
> > > and who is it that you recommend I should be trying to meet?
> > >
> > > Arian J. Evans
> > > +1.913.378.3571 [mobile]
> > >
> > > "See? That was nothing.
> > > But that's how it always begins.
> > > Very small." -Egg Shen
> > >
> > >
> > > > -----Original Message-----
> > > > From: Mark Teicher [mailto:mht3 () earthlink net]
> > > > Sent: Thursday, July 13, 2006 3:36 PM
> > > > To: Terry; pen-test () securityfocus com
> > > > Subject: RE: Will the real hacker please stand up and raise their hand
> > > >
> > > > But why one doubt a Ph.D. (CISSP, IAM, CCNP, CCDA, CCNA, ACE,
> > > > CCSA, CCSE, and MCSE) who gained access to a database at
> > > > Roswell in the early 90's  Almost like a person who spent
> > > > over 10 years with the Federal Government perfecting the
> > > > skills which enable him to be called "one of the first
> > > > CYBERSPACE private investigators".
> > > >
> > > > Makes you want to attend BlackHat and actually meet and greet
> > > > a real bonafide grey/black hat hacker. :)
> > > >
> > > > -----Original Message-----
> > > > > From: Terry <tvernon24 () comcast net>
> > > > > Sent: Jul 13, 2006 3:56 PM
> > > > > To: 'Mark Teicher' <mht3 () earthlink net>, pen-test () securityfocus com
> > > > > Subject: RE: Will the real hacker please stand up and raise
> > > > their hand
> > > > > Just recently, I worked at a company whose main client was
> > > > the DoD. When I
> > > > > was being scouted I heard many promises and things that
> > > > peaked the interest
> > > > > of an ex-mischief maker. When I got the job I soon realized
> > > > that the man
> > > > > running the show was a huge fraud who claimed many accolades
> > > > above my own.
> > > > > Everything he said about his technical past was a lie and to
> > > > make things
> > > > > worse, whenever he talked about me openly he hyped me up to
> > > > be something I'm
> > > > > not from my past reputation. In the end he stopped
> > > > pretending to be my ally
> > > > > and I got railroaded but it didn't come without a price to
> > > > them. When I
> > > > > think about the whole mess now all I see is how shameless
> > > > self promotion and
> > > > > lies can get you anywhere, even a contract with the upper
> > > > rungs of our
> > > > > government. Today I surely think the agents in which were
> > > > involved have
> > > > > smartened up to this pretend company.
> > > > >
> > > > > My example here is I've made myself a bad name being your
> > > > typical black hat.
> > > > > When I turn it all around into a useful thing for society
> > > > nobody wants to
> > > > > hire me except liars and frauds. The things many of us on
> > > > this list know can
> > > > > save a company millions, the sad part is we get picked up by bullshit
> > > > > artists that cheapen the art in which we're skilled. I am
> > > > saddened when I
> > > > > think about all the huge liars and morons that put "Network Security
> > > > > Engineer" on their business card. Most people who look at my
> > > > resume aren't
> > > > > qualified enough to read it, so I get overlooked because of
> > > > their ignorance
> > > > > in my field and they pick based on who went to the best
> > > > school. I'm probably
> > > > > not alone in this plight.
> > > > >
> > > > > /end rant
> > > > > /dance
> > > > >
> > > > > -Terry
> > > > >
> > > > > -----Original Message-----
> > > > > From: Mark Teicher [mailto:mht3 () earthlink net]
> > > > > Sent: Thursday, July 13, 2006 7:23 AM
> > > > > To: pen-test () securityfocus com
> > > > > Subject: Will the real hacker please stand up and raise their hand
> > > > >
> > > > > Every once in a while, I read a story on the Internet, that
> > > > just doesn't add
> > > > > up, as listed below, it appears most organization,
> > > > enterprise type companies
> > > > > have policies preventing the hiring of known or identified
> > > > computer security
> > > > > type people, other companies hire them openly or make up
> > > > some impressive
> > > > > press statements stating they have hired one with rootfu or
> > > > some sort of
> > > > > skillz, whatever they might be..
> > > > >
> > > > > You be the judge after the reading the attached article..
> > > > >
> > > > > -------- Original Message --------
> > > > > Subject: [ISN] Hackers and Employment
> > > > > Date: Thu, 13 Jul 2006 03:15:11 -0500 (CDT)
> > > > > From: InfoSec News <alerts () infosecnews org>
> > > > > Organization: InfoSec News - http://www.infosecnews.org/
> > > > > To: isn () infosecnews org
> > > > >
> > > > > http://www.line56.com/articles/default.asp?ArticleID=7766
> > > > >
> > > > > By Demir Barlas
> > > > > Line56
> > > > > July 12, 2006
> > > > >
> > > > > The reason many of us who grew up outside America found this country
> > > > > charming and worthy of emulation was its principles, at
> > > > least as projected
> > > > > on the movie screen. You can argue about their politics, but the
> > > > > characters portrayed by John Wayne, for instance, operated
> > > > according to a
> > > > > fixed code of ethics. They stood for what they considered right; they
> > > > > never cheapened or sold themselves; and they lived (and died) with
> > > > > integrity.
> > > > >
> > > > > I encountered this America before I actually came here.
> > > > >
> > > > > Perhaps this is why it is so easy for me to see what
> > > > native-born Americans
> > > > > cannot understand about that their own country: that it is
> > > > rapidly falling
> > > > > into decadence. When I say this, I'm not referring to some declining
> > > > > standard of collective religious morality, but rather to personal
> > > > > morality. All too many Americans stand ready to pimp
> > > > themselves, and the
> > > > > system is now designed to reward rather than discourage
> > > > them. This is an
> > > > > arrangement that the rest of the world rightly considers
> > > > hypocritical and,
> > > > > despite all talk of globalism, will never emulate.
> > > > >
> > > > > Let me give an example. I recently got an e-mail from Avaya,
> > > > one of whose
> > > > > employees, Tom Porter, was leading a security team at the
> > > > World Cup. The
> > > > > e-mail proudly advertises Porter as a "a former hacker [who]
> > > > got into the
> > > > > U.S. government database on Roswell in the early 90s." Now
> > > > he has been
> > > > > able to have a highly visible and well-paying job as chief
> > > > of Internet
> > > > > security for FIFA and Avaya.
> > > > >
> > > > > As soon as I got this e-mail, I recalled the case of Frank
> > > > Abagnale, Jr.,
> > > > > the fraudster whose life was made into the movie Catch Me If You Can.
> > > > >
> > > > > And, I admit, I got angry. I want to tell you why.
> > > > >
> > > > > Some of my friends in the ninth grade were aspiring computer
> > > > hackers. I
> > > > > suppose it was a natural impulse for a bunch of intelligent
> > > > boys cooped up
> > > > > in an otherwise boring programming class. We tried a few
> > > > exploits but, in
> > > > > the end, got caught. We were never that good in the first place, not
> > > > > because we lacked intelligence but because, I am convinced,
> > > > of the ethos
> > > > > that had survived into Denver even into the 1980s. The ethos
> > > > told us that
> > > > > hacking was bad. We couldn't shrug this off our conscience, and so
> > > > > conducted our exploits rather half-heartedly.
> > > > >
> > > > > I've kept up with many of my classmates over the years.
> > > > There is, in the
> > > > > group with which I am familiar, no one who has committed a
> > > > felony, gone to
> > > > > jail, or refused to pay taxes. Everyone has walked the line. And our
> > > > > reward? Most of us struggle along at meaningless
> > > > occupations, trying to
> > > > > make ends meet -- punished, I maintain, by our consciences.
> > > > >
> > > > > For America no longer rewards conscience. If you kill
> > > > someone, you will be
> > > > > offered a book deal. If you impersonate a doctor and nearly cause the
> > > > > death of a baby [like Abagnale], someone will make a comedic
> > > > movie about
> > > > > you. If you become a hacker and endanger our government, you
> > > > will become a
> > > > > consultant. If you sink a company, you will find a high
> > > > position in that
> > > > > very government. Only competence at criminality and
> > > > self-promotion are
> > > > > rewarded. The more vicious, heartless, and inept you are, the further
> > > > > you'll go.
> > > > >
> > > > > If you want to talk about anti-Americanism, you can't find a better
> > > > > example. The culture of merit, sincerity, and principle that
> > > > once animated
> > > > > this country is gone, and that impacts everyone from left to right.
> > > > >
> > > > > Have you seen The Man Who Shot Liberty Valance? John Wayne's
> > > > character
> > > > > refuses to take the credit for an act that would, in that
> > > > day and age,
> > > > > have made him famous. His principles dictate that he cannot engage in
> > > > > self-promotion, which he leaves to Jimmy Stewart's character. Stewart
> > > > > becomes a senator and marries a woman with whom Wayne was in
> > > > love; Wayne
> > > > > retires from public life and dies alone.
> > > > >
> > > > > Oh, but today! After shooting Valance, Wayne would have
> > > > gotten a publicity
> > > > > agent, launched a blog, and gone on talk shows. He would
> > > > have done the
> > > > > lecture circuit, opened a consultancy on how to shoot
> > > > outlaws, and sold
> > > > > his "life rights" to a Hollywood studio.
> > > > >
> > > > > I'm sorry to say it, but I hate what you might call the
> > > > post-Wayne America
> > > > > (and I say this despite having radically different politics
> > > > from Wayne
> > > > > himself). It's an upside-down country in which criminals become
> > > > > celebrities while good, hard-working people struggle along
> > > > on dollars a
> > > > > day. There is no longer any act divorced from its promotion. The only
> > > > > principle is to gather as much money and fame as possible,
> > > > prostituting
> > > > > yourself all the way, until you die.
> > > > >
> > > > > I do not feel that a country can long endure such principles
> > > > or such acts
> > > > > of decadence. They constitute a kind of rot that will, some day, turn
> > > > > America into the equivalent of the moribund, cynical
> > > > countries of Western
> > > > > Europe. Moreover, they are a gleeful betrayal of every
> > > > principle on which
> > > > > this country stood for the first two centuries of its existence.
> > > > >
> > > > > I suppose this article will be met by incomprehension from
> > > > people who have
> > > > > absorbed their values from the post-Wayne moment in American
> > > > history. As a
> > > > > historian, I am a professional pessimist, but I can't help
> > > > but feel that
> > > > > these very people are only the tip of the iceberg; that, as
> > > > in the movie
> > > > > 15 Minutes (or, more apocalyptically, Death Race 2000),
> > > > crime will pay
> > > > > even more than it does today.
> > > > >
> > > > > It is worth concluding with a passage from Henry Miller's The
> > > > > Air-Conditioned Nightmare, which captures the spirit of the changed
> > > > > America to which I allude:
> > > > >
> > > > > As to whether I have been deceived, disillusioned...The
> > > > answer is yes, I
> > > > > suppose. I had the misfortune to be nourished by the dreams
> > > > and visions of
> > > > > great Americans. Some other breed of man has won out. The
> > > > world which is
> > > > > in the making fills me with dread....It is a world cluttered
> > > > with useless
> > > > > objects which men and women, in order to be exploited and
> > > > degraded, are
> > > > > taught to regard as useful....Whatever does not lend itself to being
> > > > > bought and sold...is debarred. In this world the poet is
> > > > anathema, the
> > > > > thinker a fool, and the man of vision a criminal.
> > > > >
> > > > > Copyright 2000-2006 Line56.com
> > > > >
> > > > >
> > > > > _________________________________
> > > > > Attend the Black Hat Briefings and
> > > > > Training, Las Vegas July 29 - August 3
> > > > > 2,500+ international security experts from 40 nations,
> > > > > 10 tracks, no vendor pitches.
> > > > > www.blackhat.com
> > > > >
> > > > >
> > > > > -------------------------------------------------------------
> > > > ---------------
> > > > > --
> > > > > This List Sponsored by: Cenzic
> > > > >
> > > > > Concerned about Web Application Security?
> > > > > Why not go with the #1 solution - Cenzic, the only one to
> > > > win the Analyst's
> > > > > Choice Award from eWeek. As attacks through web applications
> > > > continue to
> > > > > rise, 
> > > > > you need to proactively protect your applications from
> > > > hackers. Cenzic has
> > > > > the 
> > > > > most comprehensive solutions to meet your application
> > > > security penetration
> > > > > testing and vulnerability management needs. You have an
> > > > option to go with a
> > > > > managed service (Cenzic ClickToSecure) or an enterprise software
> > > > > (Cenzic Hailstorm). Download FREE whitepaper on how a
> > > > managed service can
> > > > > help you: http://www.cenzic.com/news_events/wpappsec.php
> > > > > And, now for a limited time we can do a FREE audit for you
> > > > to confirm your
> > > > > results from other product. Contact us at request () cenzic com
> > > > for details.
> > > > > -------------------------------------------------------------
> > > > ---------------
> > > > > --
> > > >
> > > >
> > > > --------------------------------------------------------------
> > > > ----------------
> > > > This List Sponsored by: Cenzic
> > > >
> > > > Concerned about Web Application Security?
> > > > Why not go with the #1 solution - Cenzic, the only one to win
> > > > the Analyst's 
> > > > Choice Award from eWeek. As attacks through web applications
> > > > continue to rise,
> > > > you need to proactively protect your applications from
> > > > hackers. Cenzic has the
> > > > most comprehensive solutions to meet your application
> > > > security penetration
> > > > testing and vulnerability management needs. You have an
> > > > option to go with a
> > > > managed service (Cenzic ClickToSecure) or an enterprise software
> > > > (Cenzic Hailstorm). Download FREE whitepaper on how a managed
> > > > service can 
> > > > help you: http://www.cenzic.com/news_events/wpappsec.php
> > > > And, now for a limited time we can do a FREE audit for you to
> > > > confirm your 
> > > > results from other product. Contact us at request () cenzic com
> > > > for details.
> > > > --------------------------------------------------------------
> > > > ----------------
> ----------------------------------------------------------------------------->>
> -
> > > This List Sponsored by: Cenzic
> > >
> > > Concerned about Web Application Security?
> > > Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> > > Choice Award from eWeek. As attacks through web applications continue to
> > > rise, 
> > > you need to proactively protect your applications from hackers. Cenzic has
> > > the 
> > > most comprehensive solutions to meet your application security penetration
> > > testing and vulnerability management needs. You have an option to go with a
> > > managed service (Cenzic ClickToSecure) or an enterprise software
> > > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> > > help you: http://www.cenzic.com/news_events/wpappsec.php
> > > And, now for a limited time we can do a FREE audit for you to confirm your
> > > results from other product. Contact us at request () cenzic com for details.
> ----------------------------------------------------------------------------->>
> -
> > >
> >
> >
> > ------------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> > Choice Award from eWeek. As attacks through web applications continue to rise,
> > you need to proactively protect your applications from hackers. Cenzic has the
> > most comprehensive solutions to meet your application security penetration
> > testing and vulnerability management needs. You have an option to go with a
> > managed service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> > help you: http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to confirm your
> > results from other product. Contact us at request () cenzic com for details.
> > ------------------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security? 
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
> Choice Award from eWeek. As attacks through web applications continue to rise, 
> you need to proactively protect your applications from hackers. Cenzic has the 
> most comprehensive solutions to meet your application security penetration 
> testing and vulnerability management needs. You have an option to go with a 
> managed service (Cenzic ClickToSecure) or an enterprise software 
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
> help you: http://www.cenzic.com/news_events/wpappsec.php 
> And, now for a limited time we can do a FREE audit for you to confirm your 
> results from other product. Contact us at request () cenzic com for details.
> ------------------------------------------------------------------------------


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------