Re: Would you bet your life on your security?

From: Eric Brown (
Date: 10/02/03

  • Next message: Doc Rice: "Windows patch scripts"
    Date: Wed, 1 Oct 2003 19:04:00 -0700 (PDT)
    To: simon <>,

    Hello Simon,

    I'm pretty new to security, but this is discouraged by the ISECOM in their most current Open Source Security Testing Methodology Manual, p. 18, "2. The offering of free services for failure to penetrate or provide trophies from the target is forbidden."

    I wouldn't know this if I hadn't just read it though.

    > -----Original Message-----
    > From: simon []
    > Sent: Wednesday, October 01, 2003, 4:18 PM
    > To:
    > Subject: Would you bet your life on your security?
    > All,
    > I'm not sure how many of you have had good security audits in the
    > recent past so I thought I'd show you this. In summary Secure Network
    > Operations, Inc. will do an external security audit of your network for
    > approx $1000.00. If they don't find any vulnerabilities, then the audit
    > is FREE and they send you a letter of validation. If they do find
    > vulnerabilities, then they charge you and send you a formal report that
    > details their finds and grades your network.
    > Given some of the new laws that have been passed this seems like a
    > pretty good service and a VERY cheap way to validate your company's
    > security. Secure Network Operations also has a flawless track record and
    > has the references to prove it.
    > Why do I think this is a good idea? Well, the California identity theft
    > law (Civil Code 1798.82), the new federal banking regulations are two
    > reasons. They both make disclosure of a compromise MANDATORY. You need
    > to tell ALL of your clients, by law, that you have been compromised and
    > that their identities may have been stolen.
    > So anyway, I'll shut up. For those of you that are interested check out
    > the link below. For those of you that aren't, I'm just trying to help
    > people out so don't flame me or I'll /dev/null your mail.
    > Their web site is:
    > --
    > Regards,
    > -simon-

    To do is to be. -Socrates
    To be is to do. -Sartre
    Do be do be do. -Sinatra

