lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 18 Dec 2007 11:29:13 -0700
From: "Mike Vasquez" <mike.vasquez@...il.com>
To: SecReview <secreview@...hmail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Professional IT Security Providers -
	Exposed] Audit Serve, Inc. ( F- )

Well for starters, writing a company/service review by reading their website
is akin to doing a movie review by looking at the trailer, think about it.

Second: people go to qualys resellers for the addon services/extra value
that you can get/they may provide, as opposed to the stock services provided
by qualys.

And: with Qualys doing a bulk of the scanning work, they can devote the rest
of their time to other aspects of their security service.

There are many possible scenarios.  The bottom line is the service you're
offering, is a disservice.  Seriously.  Buy and Try, or keep doing movie
reviews on the trailer.  No one takes this seriously.  I read them for
entertainment value only.

Just like a trailer!  OMG.  See how well it all fits?

Are you siskel or ebert? or roper? who's left there anyway.

On Dec 18, 2007 11:07 AM, SecReview <secreview@...hmail.com> wrote:

> It is not highly possible that they have developed a high quality
> automated tool that covers all the basis because their price points
> are not high enough to afford them a good development team. In
> conjunction, they clearly advertise the use of QualysGuard all over
> their website which is not their own tool.
>
> It is more likely that they are a "rubber stamp shop of approval"
> that make a buck by enabling their customers to put a "check in the
> box". Frankly, thats not security, thats even a a disservice. They
> are for all intents and purposes selling a false sense of security
> to customers who don't know any better.
>
> That said, I'd have to guess that you are Mitchell H. Levine as
> you've taken this post so personally. If you are, then why don't
> you improve the quality of your service offerings so that we can
> give you a better review. As it stands, you've received an F-
> because of the poor quality of your service. Not even sure why
> people would use your service instead of going direct to Qualys.
>
> Cheers
>
>
>
>
>
> On Tue, 18 Dec 2007 05:39:48 -0500 SilentRunner
> <silentrunner@...hmail.com> wrote:
> >Are you an idiot?
> >
> >It is certainly more than possible that Audit Serve are a low
> >quality one-size-fits-all merchant. It is also equally possible
> >that they have developed a high quality automated tool that covers
> >all the basics and provides them a lead to upsell more advanced
> >services. That's business, you get what you pay for.
> >
> >You don't know because you read their website with the critical
> >eye
> >of a self-important nerd, trying to be something you aren't (IE
> >professional). You might as well write a car review by reading the
> >financial reports of the car manufacturer.
> >
> >What you should have done at the very least is purchased their
> >service and asked them to test elements of your pre-configured and
> >properly baselined honey-net against known criteria. I'm guessing
> >that your student loan doesn't stretch beyond partying or you
> >might
> >have produced something useful, muppet.
> >
> >SR
> >
> >
> >
> >
> >
> >On Mon, 17 Dec 2007 20:46:59 +0000 secreview
> ><secreview@...hmail.com> wrote:
> >>We found Audit Serve, Inc., run by Mitchell H. Levine, by
> >>searching
> >>for "Penetration Testing" on Google. Audit Serve, Inc. offers, IS
> >>Auditing, Integrated Auditing, Sarbanes-Oxley Implementation
> >>Services,
> >>Sarbanes-Oxley Ongoing Compliance Services, PCI, Security
> >>andInternet
> >>Vulnerability Assessment & Penetration Testing Services.Our first
> >>impression of Audit Serve, Inc. was that they were a "rubber
> >stamp
> >
> >>of
> >>approval" shop that offers services that will do nothing to truly
> >>raise
> >>your proverbial security bar but will let you fill in your
> >>security
> >>checklist. This impression was made so quickly because of the
> >>$495.00
> >>price quote on their main page. It reads "Internet Vulnerability
> >>Assessment & Penetration Testing starting at $495". (Just as an
> >>FYI, it
> >>is impossible to perform any human driven professional security
> >>services for that price. The cost of talent is simply too
> >>high.)When
> >>digging into their services we quickly realize that our initial
> >>impression of Audit Serve was accurate. They are in fact a
> >"rubber
> >>stamp of approval" shop. Their security service deliverables
> >>appear to
> >>be the product of automated scanners (QualysGuard) and not the
> >>product
> >>of human talent. This also coincides with them being able to
> >>offer "Internet Vulnerability Assessment & Penetration Testing"
> >>services starting at $495, as no human element is incorporated
> >>into the
> >>deliverable based on what we saw.If you do not care about the
> >>security
> >>of your IT Infrastructure, and only want to get the "rubber stamp
> >>of
> >>approval" then Audit Serve, Inc. is your one stop shop. If on the
> >>other
> >>hand you do care about the security of your IT infrastructure,
> >>then
> >>we'd suggest finding a different provider.Grade Note:We're giving
> >>Audit
> >>Serve an F- for two reasons. The first reason is that they appear
> >>to be
> >>in the Information Security business to make a buck by providing
> >>people
> >>with the "rubber stamp of approval". In doing so they are
> >actually
> >>doing a disservice to the IT community, and the IT Security
> >>Community.
> >>The second reason why we are giving them an F- is because their
> >>security services appear to use no human element and rely
> >strictly
> >
> >>on
> >>automated scanning (QualysGuard). If you feel that this grade is
> >>too
> >>harsh, let us know.
> >>
> >>--
> >>Posted By secreview to Professional IT Security Providers -
> >>Exposed at
> >>12/17/2007 10:28:00 AM
> Regards,
>      The Secreview Team
>      http://secreview.blogspot.com
>      Professional IT Security Service Providers - Exposed
>
> --
> Remove unsightly stains with high quality carpet cleaning. Click now!
>
> http://tagline.hushmail.com/fc/Ioyw6h4dY5DNELqoccKb12Rno3eu1RZZK7yiDLfbhc6Zy85DlxhPQU/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ