Date: Fri, 3 Oct 2008 20:42:59 -0400
From: "Stephen Northcutt" <stephen@...s.edu>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Paul Asadoorian of PaulDotCom Enterprises

From: Trevow Andrews <trevorandrws3456@...oo.com>

Date: Wed, Oct 1, 2008 at 11:59 AM

Subject: [Full-disclosure] Paul Asadoorian of PaulDotCom Enterprises

/     Podcast is ridiculous

To: full-disclosure@...ts.grok.org.uk

 

= = = Stephen Northcutt here. I tried a couple variations of Trevor Andrews
and did not find such a person registered with the SANS NS2008 conference. I
realize I am old school, but making personal attacks while masking one's
identity, was considered cowardice back when I was doing security research.
The embedded talk has been given before, so it might be a shade off cutting
edge; I have had to give a "recycled" talk a time or two myself; sometimes
you just run out of time. As an author of a number of security books, I know
that aging book problem well. The book is aging even as you write it and
then it is printed and getting out of date more each day; eventually you
wish it would just disappear. Maybe in the future they can figure out some
sort of TTL. As far as Paul not knowing anything, I can attest that is not
correct. We are running a red team/blue team exercise here (ICE II) and both
Paul and Larry are contributing in the live fire exercise. I spoke with Tim
Rosenberg of Whitewolf (the people that have been putting on cyber
exercises back when Infowarcon was still around and currently for the DoD
and for a number of the college competitions) and Tim spoke highly of their
contributions.

 

= = = Now a note to the poster. I am here, I am staying in the hotel, feel
free to give my room a call tomorrow, I am booked 1 - 2 PM and at 6 PM, but
otherwise looking forward to working on some things that fell behind this
week. I am happy to talk with you to better your concerns, but surely you
understand I can't accept your guidance as is. When I read your note it
appears that you have a personal problem with Paul; that is not a
professional analysis. I hope you will take me up on this offer, I can even
spring for a refreshing beverage. Thanks.

 

I'm sorry, I just saw his talk at NS2008 on Embedded Device Security and it
is wholly outdated. I can't believe people listen to this man talk. He's
been going on this embedded device security thing for years now and it's all
years old. His book on hacking WRT54G, which was at SANS, had nothing about
the new OpenWRT Kamikaze release, but was instead about the old White
Russian release. Way to stay with the times buddy. Me and a few students
noticed many of the tutorials were directly copied from tutorials on the
internet.

 

This speaks really bad for Sans. I'm here because my employer in the
financial industry sent me, and it's been nothing but shit. I tried
listening to the PaulDotCom podcast and it's riddled with inaccuracies and
passive-aggressive fights between Larry and Paul over which name is on the
show title. Pauldotcom... have an ego much Paul?

 

I wouldn't hire Paul Asadoorian or Pauldotcom Enterprises to pen test an
Apple 2, he wouldn't be able to because there are no Core Security wizards
to test against an Apple 2.

 

His technical ability is that of a freshman at a technical college. He
repeatedly makes mistakes and clearly doesn't know much about advanced
security techniques outside of mass GUI pen testing suites. I think even
having a podcast knocks anyone down a few points, but having a podcast and
failing at the subject matter is just gross negligence.

 

No real research has even come out of Paul and Larry, no real anything has
ever come out of Paul and Larry except for advertisements and bumps.

 

Larry Pesce is obviously the brains behind Pauldotcom. He is the only person
who has actually made original things and done original research.

 

Larry if you read this, go off on your own, Paul is dragging you down.

 

I hope Sans reconsiders Paul's talks in the future, they are overly boring
and out of date.

 

Stephen Northcutt, President

The SANS Technology Institute (www.sans.edu)

808.823.1375

 

Network Security 2008  - Las Vegas, NV, Sept.28-Oct 6;
http://www.sans.org/info/30123

 

"SANS is my preferred training to meet DOD 8570. Training offered by SANS
pertains to best practice so rubber hits the road". Mike Emmons, USMC

 

