| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Oct 2007 17:54:06 -0400 From: <whupass@...hmail.com> To: <full-disclosure@...ts.grok.org.uk>,<redhowlingwolves@...lsouth.net> Subject: Re: Google Sacure The truth about Sacure is that they have little to no capabilities or talent what so ever. Their website has been malfunctioning since well before August 2007 and they never caught it. Why would anyone hire a “Managed Security” company that can’t detect issues in their own network? How the hell are they going to detect issues in yours? Reference: http://lists.grok.org.uk/pipermail/full-disclosure/2007- October/067050.html Furthermore, Sacure has a broken customer portal. How would a “leader” in “Managed Security Services” not notice that their customer portal was broken? When you try to login to the portal you get an error that shows “Query failed : Table ‘sacure123.assessment’ doesn’t exist”. The obvious comes to mind; Sacure must not have any customers that use their “Managed Security Service”… so… how are they a leader again? In addition Sacure also claims that they are “Professional Security Service” experts. This is obviously bullshit. When you read through the materials on their website you find things like references to XSS (“Cross-Site Shipping”). What the fuck is that? Are they going to send UPS to assess your network? Last time I checked XSS was Cross-Site Scripting. Reference: http://lists.grok.org.uk/pipermail/full-disclosure/2007- October/067065.html I wish that people in the security community would take the time to expose the “fake” security companies like Sacure for what they really are. This would help innocent buyers who do not know any better to avoid companies like Sacure. It would help them to avoid being ripped off. Sacure… it’s a fucking joke. On Fri, 26 Oct 2007 00:27:34 -0400 scott <redhowlingwolves@...lsouth.net> wrote: >First off,it's on GoDaddy (dot)com.That should be the first >pointer. > > > >Michael Bann wrote: >> Maybe it's a joke. :-) >> >> Fabrizio wrote: >>> Way too much info. >>> >>> Let's map out some tables names now.... >>> >>> http://www.sacure.com/login_process.php >>> >>> On 10/25/07, *Juha-Matti Laurio* <juha-matti.laurio@...ti.fi >>> <mailto:juha-matti.laurio@...ti.fi>> wrote: >>> >>> >http://www.sacure.com/news/home/sacure-to-offer-security-staffing- >and-consulting-services/ >>> >>> generates the same result as well. >>> >>> - Juha-Matti >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> <http://lists.grok.org.uk/full-disclosure-charter.html> >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> >>> ---------------------------------------------------------------- >-------- >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists