Security Basics mailing list archives
RE: Would you bet your life on your security?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 2 Oct 2003 17:12:14 -0700
Well, now that you've revealed that you are actually affiliated with the subject operation, instead of letting us think you're just a fellow professional passing along a practical tip, I have to agree with Ranjeet.

David Gillett
-----Original Message-----
From: simon [mailto:simon () snosoft com]
Sent: October 2, 2003 14:41
To: Ranjeet Shetye
Cc: ericbrow () ziplip com; security-basics () securityfocus com
Subject: Re: Would you bet your life on your security?

Neat, I am very happy that I am getting as much input and feedback as I am. I even appreciate the below message where Ranjeet is telling me that I am being unprofessional, we all have our opinion... but who are we to judge? I'll respond in a few sections here, so please tolerate the choppy email.

"I'm pretty new to security, but this is discouraged by the ISECOM in their most current Open Source Security Testing Methodology Manual, p. 18, "2. The offering of free services for failure to penetrate or provide trophies from the target is forbidden"

Let me make this very simple for you. If you bring your car into a shop and they find no problems do you want to pay for a brake job, and new ball joints? If we find vulnerabilities then we will help you fix them. If we don't, then you haven't spent a dime. What you seem to be proposing is that you spend money regardless of the work done? Hey, send some checks my way... Moving on...

> Actually, no respectable professional really advertizes his/her services in a forum where other professionals are reading/teaching/learning

I'm sorry if I've offended you. So far you seem to be the first person that's been offended by this. So tell me, why don't "respectable professionals" send helpful offerings to mailing lists? I'd be very interested in understanding your reason.

> unless it's something specially set up for the purpose of advertizing one's needs/wants e.g. the security-jobs mailing list. I think that's standard etiquette for mailing lists.
>
> On these grounds, I find Simon's advertizing pretty unprofessional - despite the solid reasons (or FUD?) given as to why insecure networks can cause a financial liability. I wish he had chosen a more objective and less FUD approach. Right subject matter, wrong approach - IMHO.

I am sorry that you find the post unprofessional, but again, that's not really important. What is important is that what I wrote was 100% factual and true. Our services are also highly effective, 100% factual, and 100% true. Why? Well that's simple. If we work with facts and not FUD or hype, then we are offering our clients the best possible solutions. What's wrong with that?

> But to object on the grounds that 'ISECOM' forbids it is difficult to understand. The word 'forbid' is too strong, don't you think? How can you 'forbid' anyone from doing legal things in a free country?? esp. considering the 'stubborn' profile that most people from the infosec industry have!! (by stubborn I mean it in a good sense, i.e. you have continued banging your head against the wall till you understood things, while others would have walked away from the challenge and taken on less demanding jobs).

I think the word that you are looking for is persistent:

per·sis·tent adj. 1. Refusing to give up or let go; persevering obstinately.

Hope this helps...

--
Regards,
-simon-