Message-ID: <549610.59561.qm@web59615.mail.ac4.yahoo.com>
Date: Thu, 2 Oct 2008 10:05:32 -0700 (PDT)
From: Trevow Andrews <trevorandrws3456@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Paul Asadoorian of PaulDotCom Enterprises / Podcast is ridiculous

Damn Tor... this is the full message 

I just listened to a bunch more recent episodes. The episodes are horrible. Paul Asadoorian is a horrible interviewer. 

A bunch of us were out in Vegas last night and we found a few more people
who read the comment on Full Disclosure. We were all talking about
Pauldotcom and how we think Larry is getting the shit end of the stick.
Who names a company after themselves? Never mind DotCom in the title.
This isn't 1994 anymore.

We clearly saw from his embedded device talk that he doesn't know what
he's talking about. Has ANYONE of you fanboys actually listened to his
podcast? It's just ridiculous. This guy is the biggest fake, no surprise
he's involved with SANS or has a podcast. If anyone has ever hung out in
his IRC channel or been to his Forum you'll see that it is nothing but
idiots asking questions about Metasploit GUI or Nessus. This stuff bothers
me.. that there are people out there. Pauldotcom is the Amway of security,
and everyone who listens to him is part of the pyramid scam.

For those who defend him against his book. I looked around and found Mike
Baker the author of Kismet gave his book a negative review pointing out
inaccuracies and problems with the book. Paul pretty much copied and
pasted most of the book without checking if commands were right. None
of these problems pointed out by the author of the subject of his book
are listed in his Errata on his website. I don't know who does his
website but it's retarded and looks like a 12 year old did it, so I
assume Paul did it himself.

http://www.amazon.com/review/product/1597491667/ref=cm_cr_dp_hist_3?_encoding=UTF8&filterBy=addThreeStar

First of all, it would seem all Kamikaze releases were just snapshots of
the SVN. If Paul just worked with the authors of OpenWrt they could have
timed the book release with the release of a Kamikaze snapshot. If you
look at the dates of Kamikaze releases and when Paul's book came out
you'll see they were less than a month apart. When the book came out
White Russian development seemed to have ended. So either Paul didn't
bother to check with or work with the authors of OpenWrt or he made
some poor decisions. Either way there is no excuse. Kamikaze was in SVN
for like 2 years before the snapshot came out with no real changes, the
book could have covered Kamikaze without any issues. I'm no OpenWrt
expert but just looking at the dates on the OpenWrt page tells me it
could have been done. But whatever.

I'm sitting here in this shitty class right now. Forensics. I see Paul
running around from time to time and I think he's seen my message. I
wonder if he's tried to look me up at the SANS registration. I think it
would be funny if he confronted me about my comments.




--- On Wed, 10/1/08, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
From: Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu>
Subject: Re: [Full-disclosure] Paul Asadoorian of PaulDotCom Enterprises / Podcast is ridiculous
To: "Trevow Andrews" <trevorandrws3456@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Date: Wednesday, October 1, 2008, 8:29 PM

On Wed, 01 Oct 2008 08:59:16 PDT, Trevow Andrews said:

> No real research has even come out of Paul and Larry

And? So? You *do* realize that "kick-ass researcher" doesn't directly imply
"kick-ass teacher", right?  Quite often, the best researchers make *really bad*
teachers, because the same autism-spectrum and ADD issues that allow them to
focus on things when researching mean they *suck* at presentations.  If
you've ever been to college, and gotten somebody who's got a zillion papers
published, but the class sucks because they can't lecture well, you've seen
this in action.

The second issue is that teaching chews incredible amounts of time, and
directly impacts how much, if any, research you do - if you're on the road
3 weeks of the month teaching, I guarantee that you'll not get much done the
other week.  Sure, you may have spent 3 weeks teaching a *lot* of people a
*lot* of material, and had them all actually remember it - but your research
schedule takes a hit.

The third thing to keep in mind is that "bleeding edge" doesn't always (and
in fact rarely, if ever) correspond to what's out in the real world. OK, so
you're peeved because the guy talked about WRT54G and didn't cover Kamikaze.
Have you bothered to actually *check* what the relative percentages *actually
in use* are?  Yeah, Kamikaze may be cool, shiny, and uber-leet - but if it's
only got 5% market share and WRT54G has 95%, maybe he shouldn't be spending
a lot of time covering Kamikaze.

Yes, SANS presentations often lag behind what's the cutting edge - but they're
teaching people about stuff they're likely to actually encounter.  When they
send new cops to police school, they rarely spend lots of time on how to pull
over a Ferrari, but they're hopefully going to learn a *lot* about all the
little details of pulling over a pickup truck (where to look for stuff in
"plain sight", where weapons may be stashed, etc).  Why? Because they're going
to be pulling over dozens of pickup trucks a week, and maybe *once* in their
lifetime they're going to get to pull over a Ferrari.

You remember that big horrible DNS hole from a few weeks ago?  How many have
you seen in the wild so far?  And how many systems have you seen that have
actually gotten whacked with a 4-year-old SQL exploit?

Yep, thought so.

(For all I know, these guys may indeed be sucky presenters *and* sucky
researchers - but I'm getting tired of the meme that it has to be taught
by a "leading researcher" for it to be of use - especially when you're trying
to teach nuts-n-bolts security to Joe Corporate.  And if you think it's that
easy to teach - start doing it.  Undercut SANS, charge only $1000 per head,
teach a class of 20 a week.  You're looking at $80K of income *a month*.
Now ask yourself why there aren't *more* people doing it...)





      