[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4b6ee9310810011430o24af4b30r8dd9e845ead63c54@mail.gmail.com>
Date: Wed, 1 Oct 2008 22:30:13 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk, n3td3v <n3td3v@...glegroups.com>
Subject: Re: Paul Asadoorian of PaulDotCom Enterprises /
Podcast is ridiculous
On Wed, Oct 1, 2008 at 9:29 PM, <Valdis.Kletnieks@...edu> wrote:
> On Wed, 01 Oct 2008 08:59:16 PDT, Trevow Andrews said:
>
>> No real research has even come out of Paul and Larry
>
> And? So? You *do* realize that "kick-ass researcher" doesn't directly imply
> "kick-ass teacher", right? Quite often, the best researchers make *really bad*
> teachers, because the same autism-spectrum and ADD issues that allow them to
> focus on things when researching mean they *suck* at presentations. If
> you've ever been to college, and gotten somebody who's got a zillion papers
> published, but the class sucks because they can't lecture well, you've seen
> this in action.
>
> The second issue is that teaching chews incredible amounts of time, and
> directly impacts how much, if any, research you do - if you're on the road
> 3 weeks of the month teaching, I guarantee that you'll not get much done the
> other week. Sure, you may have spent 3 weeks teaching a *lot* of people a
> *lot* of material, and had them all actually remember it - but your research
> schedule takes a hit.
>
> The third thing to keep in mind is that "bleeding edge" doesn't always (and
> in fact rarely, if ever) correspond to what's out in the real world. OK, so
> you're peeved because the guy talked about WRT54G and didn't cover Kamikazi.
> Have you bothered to actually *check* what the relative percentages *actually
> in use* are? Yeah, Kamikazi may be cool, shiny, and uber-leet - but if it's
> only got 5% market share and WRT54G has 95%, maybe he shouldn't be spending
> a lot of time covering Kamikazi.
>
> Yes, SANS presentations often lag behind what's the cutting edge - but they're
> teaching people about stuff they're likely to actually encounter. When they
> send new cops to police school, they rarely spend lots time on how to pull over
> a Ferrari, but they're hopefully going to learn a *lot* about all the little
> details of pulling over a pickup truck (where to look for stuff in "plain
> sight", where weapons may be stashed, etc). Why? Because they're going to be
> pulling over dozens of pickup trucks a week, and maybe *once* in their lifetime
> they're going to get to pull over a Ferarri.
>
> You remember that big horrible DNS hole from a few weeks ago? How many you
> seen in the wild so far? And how many system you seen that actually gotten
> whacked with a 4-year-old SQL exploit?
>
> Yep, thought so.
>
> (For all I know, these guys may indeed be sucky presenters *and* sucky
> researchers - but I'm getting tired of the meme that it has to be taught
> by a "leading researcher" for it to be of use - especially when you're trying
> to teach nuts-n-bolts security to Joe Corporate. And if you think it's that
> easy to teach - start doing it. Undercut SANS, charge only $1000 per head,
> teach a class of 20 a week. You're looking at $80K of income *a month*.
> Now ask yourself why there aren't *more* people doing it...)
>
I take it we can safely say Valdis is a fanboy of Sans and Pauldotcom
then! Its a shame nobody else is.. ;)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists