lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040308094311.A60580@maine.haze.net>
From: lumpy at the.whole.net (the lumpalaya)
Subject: Counter-Attacking hackers? Is this really a
 good idea?

Along these lines, I pulled up this website a couple days ago and noticed
that they list their "VP -- Technology & Security" as:

	Certified security specialist, member HTCIA, ISC2, previously at
	Motorola.

I am not seeing this pdf on their site anymore -- I thought it was what
you got if you clicked on the 'About Symbiot' link, but now it appears to
just reload their main page.

So, as far as the ISC2 certification, does that mean he is likely bound
to the ISC2 "code of ethics"?

I dont know if these have ever been enforced or anything like that, but
on the ISC2 site at:

	https://www.isc2.org/cgi/content.cgi?category=12

It dictates that youre supposed to:

	* Protect society, the commonwealth, and the infrastrucuture.
	* Act honorably, honestly, justly, responsibly, and legally.

Depending on how this product works, it could potentially break
both of those canons right?


Just a thought.

On Sun, 7 Mar 2004 technocrat@...h.ai wrote:

> This company...
>
> http://www.symbiot.com/
>
> Is claiming to have the "first IT security solution that can both repel
> hostile attacks on enterprise networks and accurately identify the malicious
> attackers in order to plan and execute appropriate countermeasures –
> effectively fighting fire with fire."
>
> Are these guys nuts? I'm not sure if this is a good idea or not. I don't
> want to promote them, but on the other hand this seems to be a topic
> that should be discussed by information security professionals. If the
> community as a whole thinks this is a good idea, then there should be
> some type of standard agreed to by the masses of administrators that
> will have to put up with the results of such a system.
>
> Again, just thought this should be openly discussed and that we should
> all be aware of it.
>
> I even thought about posting thier white papers to my personal site in
> an effort to stick to the 'discussion not promotion' agenda I have, but
> then I don't want to get 'Couter-Attacked' now do I ;)
>
> -Technocrat
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Free, ultra-private instant messaging with Hush Messenger
> https://www.hushmail.com/services.php?subloc=messenger&l=434
>
> Promote security and make money with the Hushmail Affiliate Program:
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


Powered by blists - more mailing lists