Full Disclosure mailing list archives

Are PHC going to ultimately secure more work for "Security Consultants"?


From: steve () entrenchtech com (Steve Manzuik)
Date: Mon, 16 Sep 2002 08:13:23 -0600

That is exactly what I said to them on that stupid mailing list.  "Thanks, you are buying me a new home..." which of 
course gets them into a frenzy of "sell-out" and other accusations.  But whatever, they are a bunch of misguided souls 
who think they are going to make a name for themselves.  I think this last rant from them, if it's not happening 
already, will draw the attention of various law enforcement.

        -----Original Message----- 
        From: James Martin [mailto:fulldisclose () uuuppz com] 
        Sent: Mon 9/16/2002 5:56 AM 
        To: full-disclosure () lists netsys com 
        Cc: 
        Subject: [Full-disclosure] Are PHC going to ultimately secure more work for "Security Consultants"?
        
        

        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1
        
        I've been pondering the real effect PHC are going to have (if at least
        partially successful) on the "Security Industry". My conclusion is that
        ultimately they will help, not hinder the industry. I'd be interested to
        hear your comments on my argument.
        
        What does the industry rely on to maintain a market? Fear. Fear of
        breaches of privacy. Fear of vandalism. Fear of embarrassment. Fear of
        loss of productivity.
        
        For a company to invest in maintaining security, they must be able to
        justify their fears. As many of you know it can be very difficult to
        convince those in suits that there's a real risk of being hacked. A
        tangible representation of the risk is often needed, rather than just
        protecting against an unknown enemy.
        
        The spread of worms and viruses has had a very noticeable effect on the
        security policy in several companies to which I have involvement. CodeRed
        and Nimda are words known to many relatively untech-savvy managers, they
        instil fear. However it is still difficult to convince many that there is
        a real risk of non-automated attacks on their systems (i.e. real people
        hacking them, not a worm or virus). Part of the reason for this is there
        is no coherent focus on who these unknown enemies are.
        
        If PHC et al succeed in building a name for themselves in the media, they
        will become the Al Qaeda of the security industry. Still very sketchy in
        detail, but a label for the risk. This in my opinion should prove a
        powerful weapon in the arsenal of those pushing for larger (or even some)
        budgeted capital for security related services.
        
        Ultimately a threat is going to strengthen the industry not weaken it.
        Keep up the good work PHC, you're securing the internet ;P.
        
        
        Regards
        James
        
        
        Web: http://www.uuuppz.com
        Email:  me () uuuppz com
        
        
        -----BEGIN PGP SIGNATURE-----
        Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
        
        iQA/AwUBPYXG5vL9eRNyreu5EQKcmwCeMJL90UqqB0jXru9p8B81wXM95VgAn2xr
        +f96Zs+LvLOqUOmRViFocIzp
        =oFx7
        -----END PGP SIGNATURE-----
        
        
        


