Date: Mon, 31 Dec 2007 20:36:49 -0700
From: "Andre Gironda" <andreg@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Professional IT Security Providers - Exposed] QuietMove ( D - )

On Dec 31, 2007 2:13 PM, secreview <secreview@...hmail.com> wrote:
> Not sure about our readers, but to us at Secreview that hardly
> makes Adam an IT Security Expert.
>
> But wait, now we have a discrepancy...

Pardon me, but who is this?  "secreview"?  Who is behind this email
address?  If you don't identify yourself then I assume that this
entire thread is some sort of vengeance play.

> According to the QuietMove website, Adam "has over 14 years of experience in
> information security, software, and product R&D with 8 years being dedicated
> solely to security." His QuietMove bio goes on to say "Adam's particular
> talents include penetration testing of web and binary applications,
> networks, systems, and SCADA, "social engineering" and physical penetration
> of facilities, and in developing professional services offerings."
>
> This just doesn't add up.

I can vouch for Adam's 14 years of experience and then some.  When I
met Adam in 1992, he already had a strong command of Unix security.
He was an administrator (1 of 4 total over 7 years) of Unphamiliar
Territories (UPT), a vulnerability research BBS that ran from 1989 -
1996.  It was a prominent place for information about vulnerability
research.  Many held it in higher regard than Phrack magazine or any
leading website/magazine during that time period.

Sites such as PullThePlug, HackThisSite, etc. all borrowed ideas from
UPT, and the code was re-used and made available in Phrack magazine as
well as integrated into the Linux kernel or features thereof.  UPT was
about 5-6 years ahead of the NSA before they released SELinux and 7-8
years ahead of projects such as GRSecurity.  Anyone making such an
enormous contribution to this sort of project has certainly provided a
greater service to our industry than a "secreview"/company-bashing
organization such as yourself.

> Anyway, remember we didn't set out to bash anyone here

Well then you should read your email before you hit the "send" button.

> but Adam/QuietMove
> put himself/themselves in the line of fire. QuietMove appears to be a very
> small and disorganized shop. Their website is half-assed and incomplete and
> we can't say anything better about their talent profile. We suggest that
> QuietMove complete their website and review their talent profile, then we'll
> set out to do another review and see if they score better. As of right now,
> we can't give them more than a D-. We'll keep an eye on their website and
> redo this review if they ever fix their issues.

Many small businesses such as QuietMove have a hard enough time
staying alive in this industry.  I suggest you "pick on someone your
own size" even if you have a legitimate problem with QuietMove or
Adam.

Compared to the other companies that you mentioned (Accuvant, IBM/ISS,
Pegasus), QuietMove will certainly provide a much more friendly
service environment for companies to work in.  I would put my
recommendation of quality on the work QuietMove does as A+.  There are
few PCI ASV's or penetration testing companies that I would find any
value in -- and QuietMove exceeds my expectations in this area.

Cheers,
Andre

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
