lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6450e99d0508210326e3271dc@mail.gmail.com>
Date: Sun Aug 21 11:26:57 2005
From: ivanhec at gmail.com (Ivan .)
Subject: Re: MS not telling enough - ethics

>: Well done, anyone else who knows of people committing fraud against isc2
>: should report them. Unfortunately I don't think its feasible for isc2 to
>: check everybody.
>Oh, how coincidental..

What do you suggest? that they check everyone who passes the exam? 

>Ethics Complaint Procedures [0]
so whats your complaint? people passing the exam, gaining the cert
without the relevant experience?
or now the ethics complaint handling procedure? 

> You are so proud of our certification, you won't even list yourself in
> the (ISC)2 directory so that we can verify you even hold the
> certification! [2]

yep, you must be on crack?

https://www.isc2.org/cgi-bin/cert_verification.cgi?displaycategory=1300

CERTIFICATION VERIFICATION SEARCH RESULTS
Ordered by Last Name
Back to Certificate Verification page.

Name: 	Ivan Coric
Brisbane
Certification(s): 	CISSP


> Best for who?! Oh yes, for you since you hold it. And best for those
> issuing it, since they profit directly from the certification and the
> yearly 'renewal' fee. The fact is, (ISC)2 and the CISSP certification is a
> marketing ploy and money maker. It is *not* in their best interest to
> allow the credibility of their certification to be tarnished for any
> reason, even when criminals are 'earning' it.

yeah it's good for me, and yes because I hold it. Your a smart fellow,
have a lolly.

Hopefully someone from ISC2 can reply to the list and address your concerns.

cheers
Ivan

On 8/19/05, security curmudgeon <jericho@...rition.org> wrote:
> 
> : Well done, anyone else who knows of people committing fraud against isc2
> : should report them. Unfortunately I don't think its feasible for isc2 to
> : check everybody.
> 
> Oh, how coincidental..
> 
> : They do random credential checking and I should I know, since I was
> : audited after I passed the exam.
> 
> Ethics Complaint Procedures [0]
> 
> The board and its agents undertake to keep the identity of the complainant
> and respondent in any complaint confidential from the general public.
> 
> [..]
> 
> The board will consider only complaints that specify the canon of our code
> that has been violated.
> 
> [..]
> 
> Complaints will be accepted only from those who claim to be injured by the
> alleged behavior. While any member of the public may complain about a
> breach of Canon I, only principals may complain about violations of Canons
> II and III, and only other professionals may complain about violations of
> Canon IV.
> 
> [..]
> 
> All complaints must be in writing. The board is not an investigative body
> and does not have investigative resources. Only information submitted in
> writing will be considered.
> 
> [..]
> 
> Complaints and supporting evidence must be in the form of sworn
> affidavits. The board will not consider other allegations.
> 
> [..]
> 
> Where there is disagreement between the parties over the facts alleged,
> the ethics committee, at its sole discretion, may invite additional
> corroboration, exculpation, rebuttals and sur-rebuttals in an attempt to
> resolve such dispute. The committee is not under any obligation to make a
> finding where the facts remain in dispute between the parties. Where the
> committee is not able to reach a conclusion on the facts, the benefit of
> all doubt goes to the respondent.
> 
> [..]
> 
> Discipline of certificate holders is at the sole discretion of the board.
> Decisions of the board are final.
> 
> --
> 
> Ok, let me translate this for you:
> 
>   Keep it private, for your own good, we swear! This way the complaint is
>   kept out of public scrutiny. You have to clearly define what canon was
>   violated, even though they are general and vague. You must personally be
>   injured to complain, even though breaking any of the four canons may not
>   directly harm one individual! You must submit said complaint in writing,
>   and the board does not have time to investigate your complaint at all.
>   Such complaints must be in the form of sworn affidavits [1], signed by a
>   notary as witness to your signature etc. If there is any dispute of
>   facts, which is entirely up the to the (ISC)2 board, it is entirely
>   their discretion whether to act on or continue the process. The board
>   may arbitrarily decide not to pursue or consider additional evidence,
>   will make no effort to research the matter themselves, and drop the
>   matter without further consideration. Even if the board finds someone
>   guilty of breaking one of the canons, the board will decide what
>   punishment, if any, is appropriate, including 'none'.
> 
> How many hoops does one have to jump through to file a complaint that will
> actually be considered?! Should I slice my wrists and bleed all over the
> signed and notarized document in case they need a blood sample or DNA?
> Does the complaint need to be shouted out from town square right after
> slaughtering a chicken while juggling hedgehogs? I mean really, how many
> ways can they make this process counter-productive and full of backdoors
> so the 'board' can simply ignore your complaint?
> 
> : Ivan Coric, CISSP
> 
> You are so proud of our certificiation, you won't even list yourself in
> the (ISC)2 directory so that we can verify you even hold the
> certification! [2]
> 
> : The CISSP cert is the best security cert around, without a doubt.
> 
> Best for who?! Oh yes, for you since you hold it. And best for those
> issuing it, since they profit directly from the ceritification and the
> yearly 'renewal' fee. The fact is, (ISC)2 and the CISSP certification is a
> marketing ploy and money maker. It is *not* in their best interest to
> allow the credibility of their certification to be tarnished for any
> reason, even when criminals are 'earning' it.
> 
> 
> security curmudgeon
> 
> [0] https://www.isc2.org/cgi-bin/content.cgi?page=176
> [1] http://en.wikipedia.org/wiki/Affidavit
> [2] https://www.isc2.org/cgi-bin/directory.cgi?displaycategory=503
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ