Open Source and information security mailing list archives
 
Date: Sat, 4 Oct 2008 21:04:55 -0400
From: "Jonathan Graves" <jgraves7821@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Paul Asadoorian is an idiot,
	just read his book or listen to the podcast.

I've seen the threads and messages the last few days and thought I would
chime in. I've been listening to Paul and Larry for some time now and have
always admired them and thought of them as experts in their field.

Then I listened closely..

Larry on the other hand does some cool ass shit. He makes potato guns and
hacks at hardware and such. He's posted some good content over the years.
Paul Asadoorian on the other hand has not.

Every podcast starts off with about 8 or 10 minutes of ads for various
vendors. I imagine Pauldotcom is very soft on these vendors especially if
anything negative ever happened with them. The vendors certainly pay the
bills since Paul has been asking for work on his podcast. One podcast he
said he no longer had a job (fired? quit? he left it ambiguous actually) and
literally asked for work.

One of the podcast moments that sticks out in my mind is the OpenSSL
vulnerability. Paul did not understand the root of the problem and in fact
defended Debian and the person who inserted it. I believe he said that it
was confusing anyways, no one else caught it and that it wasn't that big of
a deal. He also said it would affect all other distros not just Debian.
Frankly anyone who defends Debian and their dubious practices and out of
date back ported packages clearly doesn't know much about what's going on in
the security world. I use Ubuntu but I patched as soon as it happened.
Their coverage of the issue was amateur at best.

The technical inaccuracies don't end here. Just listen to more of the shows
and you can see clearly that they are making it up as they go along. They
seem to rely heavily on other people's work to derive their own content.
Every episode is just crappy editorial on slashdot and digg posts. If I
wanted commentary on slashdot and digg posts I'd read the comments on the
page themselves.

Paul and Larry are also very immature. Most of the time it is sophomoric dick
and fart jokes. I can't believe any real company actually pays them to
advertise for them on their show. The IRC channel is filled with retards who
ask ridiculous questions like "how do I setup nessus" or "how do I use
NETCAT?". If Paul wants to be taken seriously he should stop hanging out
with newbies.

If you want to see what listeners Pauldotcom has just check out their
forums. Look at the discussion and questions asked. You'll get a good feel
for the audience any "podcast" gathers.

As for the WRT54g Hacking book. Yes I noticed Mike Baker, the author of
OpenWrt, gave the book bad remarks and even documented many mistakes in the
book that never ended up in his errata on his book's website.  I don't know
about you but the author of the book's subject should be an authority on
what is an error in the book and what isn't. The book was horribly written
and like someone else said most tutorials were stolen from Google, just
compare yourself and you'll see. The book itself is useless due to the fact
it was released literally the same month as when Kamikaze was released, the
book is about the old, now undeveloped and unsupported version White
Russian. Why he didn't work with the authors to release the book at the same
time as a stable release of Kamikaze is beyond me.

I guess this is the MOPDCB "Month of Pauldotcom Bugs". Full Disclosure is
not being kind to him this month, but I guess if he were any good and free
of controversy then no emails calling him out on fallacies would have
appeared anywhere.

Oh well..


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
