[rescue] shysters who claim to do security audits

Greg A. Woods rescue at sunhelp.org
Tue Jun 26 16:00:06 CDT 2001

[ On Tuesday, June 26, 2001 at 15:16:00 (-0500), ward at zilla.nu wrote: ]
Subject: Re: [rescue] RE: Why buy DEC when you can get the milk for free?
> I hear they just use nessus these days.

The last time one of my customers got a nessus report from some
third-party so-called auditor I nearly hit the roof.  They paid the
shysters something like $10,000.00 for it too!

But that wasn't the worst of it.  They also claimed that they'd done a
remote root exploit using SSH.  Unfortunately (for them) the bug they
claimed they'd used had been eliminated from the systems months before
they ever even heard of us.  I seriously thought of suing them for
professional slander.  If I ever see them again I'll kick their butts.

The idiot upper-manager at this particular customer didn't even
understand the issue and insists to this day he got his money's worth.

I haven't been able to give a customer a calm reasoned discussion of the
merits and demerits of third party auditing since.  Don't even get me
started on so-called "attack teams".

							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>     <woods at robohack.ca>
Planix, Inc. <woods at planix.com>;   Secrets of the Weird <woods at weird.com>

