lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 04 Dec 2007 16:02:26 -0500
From: <secreview@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>,<trains@...torunix.com>
Subject: Re: Professional IT Security Service Providers -
	Exposed

Most intelligent people read the entire contents of what are said 
and ask questions before jumping to conclusions. Just to make sure 
that you've had the chance to read this, here it is again.

"Generally our reviews are done by reading the contents of the
companies website. We strip away all the marketing fluff and we
look for untruths, poor grammar, quality of service, team talent
and capabilities, site clarity, etc. If the website leaves us with
questions, or sounds too good to be true we call the security
company being reviewed and engage them in conversation about their
capabilities and offerings."

You'll notice that the above is an exact quote and not some altered 
version of what was said taken out of context by someone ("trains") 
trying to sound smart. 

Just to be clear, our mission is to expose IT Security Service 
Providers for what they really are, not to reinforce their 
marketing fluff and in some cases lies. 


On Tue, 04 Dec 2007 15:15:28 -0500 trains <trains@...torunix.com> 
wrote:
>Quoting secreview@...hmail.com:
>Greetings List:
>
>My team and I have started doing critical reviews of security
>companies that offer Professional IT Security Services. We find 
>...
><snip>
>May I offer a correction.  Try this message:
>
>     "My Team and I have reviewed web sites of companies and
>     (based on their web dev skillz and marketing lingo) have
>     rated the companies' security capabilities."
>
>based on their web sites.   that makes me sad.  that's right in 
>there  
>with counting the number CISSPs at a company.
>
>the sales people I have to work with assure me that the product  
>doesn't matter.  they keep telling me, "all that matters is the 
>sizzle  
>on the website and the well engineered marketing message".  Every 
>day  
>I tell them they are f'd up aholes.
>
>It looks like they are right.
>
>* sigh *
>
>
>
>tr
>
>-------------------------------------------------
>Email solutions, MS Exchange alternatives and extrication,
>security services, systems integration.
>Contact:    services@...torunix.com
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

--
Faster loans with less paperwork. Compare rates. Click to find the right loan.
http://tagline.hushmail.com/fc/Ioyw6h4d9K1UVf4lnU2X2ZnaQdEMPIDRrMEiziaDY3VLzmyk971YAQ/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ