lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <d141dfb90902230828h6ba0c8aah74aae6e426e0fc20@mail.gmail.com>
Date: Mon, 23 Feb 2009 11:28:16 -0500
From: Smoking Gun <pentesterkunt@...il.com>
To: Michael Krymson <krymson@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [SCADASEC] 11. Re: SCADA Security - Software
	fee's

On Mon, Feb 23, 2009 at 10:26 AM, Michael Krymson <krymson@...il.com> wrote:
>
>
> On Mon, Feb 23, 2009 at 8:57 AM, Smoking Gun <pentesterkunt@...il.com>
> wrote:
>>
> Blah blah gross personal speculation blah...
>
> At any rate, if CEO Cloe decides to hire a pen-tester for $1,000 and gets
> back a scan with some dumpy reports on it (sorry, it's not a SmokingGun
> report that shakes the ground and makes angels weep), where is the real
> breakdown here? Did she not get something in return? Was she underpaying and
> thus getting Crazy Eddie crap? Was her expectation skewed? Or maybe is her
> resultant declaration that her company is fully secure after that scan
> ludicrous?


The real breakdown here comes from Cloe soliciting the services of someone
who is labeling themselves an expert. This whole "Walmart" style penetration
tester in a box theme being promoted by underclued individuals and marketed
to the industry is devaluing the work many have worked hard to perfect. Many
have given countless hours, codes, write-ups, seminars you name it. There is
nothing wrong with making a euro, dollar, baht, don't mistake this but when
there are mission critical applications and institutions at hand, that buck
should take a backseat for the security of lives - or did you miss the subject
portion of SCADA Security.


-- 
Making no mistakes is what establishes the certainty of victory, for
it means conquering an enemy that is already defeated. - Sun Tzu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ