Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread guiness . stout
I'm not really clear on how you are grading these companies. I've had no personal experience with them but I don't decide a company's quality of work simply by their website and what information I get from some customer support person. These grades seem pointless and frankly unfounded. You

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

2007-12-20 Thread Epic
Isn't ANY review subjective to opinion? I do not understand the basis of this flame. It appears to me that a lot of the reviews on this site offer some great insight into the companies being presented. Granted it is an opinion, but that is what a blog is, isn't it? On 12/20/07, c0redump

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

2007-12-20 Thread Peter Dawson
Agreed!! I think there's a lot of 'fair play' with the secreview folks. -- We're going to give Cybertrust a C but if you can convince us that they deserve a different grade then we'll revise our opinion. So they are open for rebuttals and to changing their opinions! On Dec 20, 2007 9:55 AM,

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

2007-12-20 Thread Kurt Dillard
Because it's absurd to write a review for a service without actually experiencing the service. The original poster's messages have only had entertainment value, they've had no value from an information security perspective. If you'd like to provide a link to your MSN profile and facebook pages I'll

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

2007-12-20 Thread Mike Vasquez
Yes, a blog is an opinion, typically. And a blog that reviews a product, *tried the product.* Seriously, find a blog that reviewed a product without actually trying it, but almost purely by looking at the marketing material on the product. That's an incredibly fundamental difference which makes

Re: [Full-disclosure] [Professional IT Security Providers-Exposed] Cybertrust ( C + )

2007-12-20 Thread c0redump
Exactly. Your 'grading' is based on your personal opinion. Do us all a favour and get a proper job. - Original Message - From: guiness.stout [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Thursday, December 20, 2007 2:05 PM Subject: Re: [Full-disclosure] [Professional IT

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

2007-12-20 Thread guiness . stout
What kind of grading scale will you use? A through F or maybe a 1 to 10 type scale? I am very interested in your services! On Dec 20, 2007 10:09 AM, Kurt Dillard [EMAIL PROTECTED] wrote: Because it's absurd to write a review for a service without actually experiencing the service. The

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread trains
I am a pentester and IDS/IPS administrator for a large-ish security firm. None of our tech staff worked on the corporate web site. We are too busy, and frankly, it's just not my bag. Public facing websites are usually outsourced to professional graphics arts firms and developed under the

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread elazar
Public facing websites are usually outsourced to professional graphics arts firms and developed under the supervision of the Director of Business Development. It's usually a solid pile of fluffy buzzwords and crap. It's sad how true this is. What makes it worse is half the time the Director

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread SecReview
Greetings list. We've had an abundant amount of questions and challenges with respect to the grades that we give to businesses. As a result we will be posting a grade key on our site in the near future. At the risk of being redundant, our opinions of companies are formed by approaching the

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

2007-12-20 Thread SecReview
You obviously haven't a clue as to what you are talking about. Our readers are customers that have used the service of the vendors before. To date, they agree that our reviews have been accurate and very fair. In conjunction with that, our reviews are usually the product of analysis done

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread SecReview
Trains, Thank you for the good email. We'll take your suggestions into consideration. We do already ask for sample reports, but the questions that you provide later are great. Thanks again! On Thu, 20 Dec 2007 10:20:57 -0500 trains [EMAIL PROTECTED] wrote: I am a pentester and IDS/IPS

Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

2007-12-20 Thread SecReview
That will come soon... On Thu, 20 Dec 2007 10:32:51 -0500 guiness.stout [EMAIL PROTECTED] wrote: What kind of grading scale will you use? A through F or maybe a 1 to 10 type scale? I am very interested in your services! On Dec 20, 2007 10:09 AM, Kurt Dillard [EMAIL PROTECTED] wrote:

Re: [Full-disclosure] For Christmas..

2007-12-20 Thread reepex
if this happened all FD members would go broke because they are kiddies who rely on automated tools for everything On Dec 19, 2007 3:59 PM, gmaggro [EMAIL PROTECTED] wrote: ..it would be a nice touch if everyone sent a few dollars to the projects or authors of the security tools they use. I

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread SecReview
Awesome, So you were an RA Security customer, would you be willing to answer a few questions that we have so that we can revise our post? We don't want to post anything that is not accurate. Your help would be very much appreciated and we'd keep you anonymous. On Thu, 20 Dec 2007 11:49:23

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread don bailey
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SecReview wrote: Awesome, ... would you be willing to answer a few questions that we have so that we can revise our post? ... and we'd keep you anonymous. This is the most comedic statement on full disclosure this month. I, too, will ask

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread SecReview
Don, the original poster is anonymous so it's not actually that funny. On Thu, 20 Dec 2007 14:59:01 -0500 don bailey [EMAIL PROTECTED] wrote: SecReview wrote: Awesome, ... would you be willing to answer a few questions that we have so that we can revise our post? ... and we'd keep you

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread elazar
I don't mind answering some questions, however we had used them for a very basic scan so I couldn't tell you anything as far as their more in-depth services. Elazar On Thu, 20 Dec 2007 14:45:04 -0500 SecReview [EMAIL PROTECTED] wrote: Awesome, So you were an RA Security customer, would

Re: [Full-disclosure] For Christmas..

2007-12-20 Thread Guasconi Vincent
On Dec 20, 2007 7:51 PM, reepex [EMAIL PROTECTED] wrote: if this happened all FD members would go broke because they are kiddies who rely on automated tools for everything Don't forget there's a lot of fuzz-kiddies too. -- Guasconi Vincent Etudiant.

Re: [Full-disclosure] For Christmas..

2007-12-20 Thread Andrew A
this means you, tom ferris On Dec 20, 2007 10:51 AM, reepex [EMAIL PROTECTED] wrote: if this happened all FD members would go broke because they are kiddies who rely on automated tools for everything On Dec 19, 2007 3:59 PM, gmaggro [EMAIL PROTECTED] wrote: ..it would be a nice touch if

Re: [Full-disclosure] For Christmas..

2007-12-20 Thread Valdis . Kletnieks
On Thu, 20 Dec 2007 12:51:26 CST, reepex said: if this happened all FD members would go broke because they are kiddies who rely on automated tools for everything It's always dangerous to extrapolate from yourself to all members. pgpttE1SPY64Z.pgp Description: PGP signature

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread reepex
nothing don ever does is useful or funny On Dec 20, 2007 2:14 PM, SecReview [EMAIL PROTECTED] wrote: Don, the original poster is anonymous so it's not actually that funny. On Thu, 20 Dec 2007 14:59:01 -0500 don bailey [EMAIL PROTECTED] wrote: SecReview wrote: Awesome, ... would you be

[Full-disclosure] IBM Domino Web Access Upload Control dwa7w.dll Memory Corruption

2007-12-20 Thread Elazar Broad
The Domino Web Access Upload Module version 7.0.34.1 seems to suffer from a memory corruption issue that may allow the execution of arbitrary code. By setting the General_ServerName property and calling the InstallBrowserHelperDll() function it MAY be possible to control the ECX register and

[Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( F - )

2007-12-20 Thread Sec Review Sucks
This rating is based entirely off my personal feelings after reading several of the emails you've sent out to the Full Disclosure list. I bring up the following as my reasoning: 1.) What are your qualifications for reviewing these companies? 2.) Your criteria for review is clearly flawed.

[Full-disclosure] [SECURITY] [DSA 1436-1] New Linux 2.6.18 packages fix several vulnerabilities

2007-12-20 Thread dann frazier
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1436-1 [EMAIL PROTECTED] http://www.debian.org/security/ dann frazier December 20th, 2007

Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( F - )

2007-12-20 Thread Mike Vasquez
What I really want to know, is if a past customer (err - reader?) of sec review surfaces with a negative opinion of them, will you adjust your grade accordingly? On Dec 20, 2007 1:20 PM, Sec Review Sucks [EMAIL PROTECTED] wrote: This rating is based entirely off my personal feelings after

Re: [Full-disclosure] Design flaw in AS3 socket handling allows port probing

2007-12-20 Thread fukami
Adobe released an article at their knowledge base regarding this issue. # Socket connection timing can reveal information about network configuration http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956 The fix is to disable socket functionality for Flash Players version =

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread don bailey
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 reepex wrote: nothing don ever does is useful or funny On Dec 20, 2007 2:14 PM, SecReview [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Don, the original poster is anonymous so it's not actually that funny. It's true that

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread Fredrick Diggle
You hax0red the hushmail and stole his ip address information thing? Can I has your sploitz plz? On Dec 20, 2007 5:35 PM, don bailey [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 reepex wrote: nothing don ever does is useful or funny On Dec 20, 2007 2:14 PM,

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread Dude VanWinkle
On Dec 20, 2007 6:35 PM, don bailey [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 reepex wrote: nothing don ever does is useful or funny On Dec 20, 2007 2:14 PM, SecReview [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Don, the original poster is

Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( F - )

2007-12-20 Thread Kurt Dillard
No, go read Secreview's responses to negative comments on his amusing blog. He won't change a review based on an opposing opinion. The emails, blog, and his small cadre of fans remind me of Steve Gibson lol. He has nothing on the blog to suggest he has any qualifications. When asked what his

Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( F - )

2007-12-20 Thread SecReview
1.) What are your qualifications for reviewing these companies? We are a team of security professionals that have been performing a wide array of penetration tests, vulnerability assessments, web application security services etc. One of our team members has founded two different security

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread coderman
On Dec 20, 2007 4:06 PM, Dude VanWinkle [EMAIL PROTECTED] wrote: ... WTF are you taking about Don? Of course hushmail is completely anonymous ! http://blog.wired.com/27bstroke6/2007/11/pgp-creator-def.html that shit makes me laugh so hard... transitive trust in some singular unknown

Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( F - )

2007-12-20 Thread coderman
I've edited this document to remove ambiguous and self aggrandizing language. On Dec 20, 2007 4:19 PM, SecReview [EMAIL PROTECTED] wrote: 1.) What are your qualifications for reviewing these companies? We are a team of security professionals that have been performing a wide array of

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread Fredrick Diggle
The evil .gov are gonna subpoena hushmail for his identity because he told the sec review guy things about a company no one cares about... Oh noes! On Dec 20, 2007 6:32 PM, coderman [EMAIL PROTECTED] wrote: On Dec 20, 2007 4:06 PM, Dude VanWinkle [EMAIL PROTECTED] wrote: ... WTF are you

Re: [Full-disclosure] For Christmas..

2007-12-20 Thread gmaggro
if this happened all FD members would go broke because they are kiddies who rely on automated tools for everything While this may be true, it doesn't mean that they couldn't be a useful resource. If you're a script kiddie and you have no money, maybe you have access to devices that others

[Full-disclosure] Security of online casinos

2007-12-20 Thread Matteo G.
I was googling, looking for some answers, but I didn't find them, so I ask here: - Has any online casinos' software ever been cracked? - Who tests casinos' software for security purposes? - Are their random number generators really random? The answer to the last question should be obvious, but

Re: [Full-disclosure] Security of online casinos

2007-12-20 Thread coderman
On Dec 20, 2007 6:32 PM, Matteo G. [EMAIL PROTECTED] wrote: ... I ask here: - Has any online casinos' software ever been cracked? - Who tests casinos' software for security purposes? - Are their random number generators really random? - yes - pen testers and imitators and sometimes a red

Re: [Full-disclosure] here

2007-12-20 Thread onion ring
Please ignore this it was not meant for the list ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] here

2007-12-20 Thread onion ring
/* * This exploits a weird state condition in Subversion = 1.4.4. * When the incoming connection stack is filled via many incoming * syns in concurrence with shifting the rev_ptr struct over a * variable gap of memory a boundary condition occurs which corrupts * a func ptr to point

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )

2007-12-20 Thread elazar
However, if you think hushmail = anonymity you're worse at security than even I am. It's a funny coincidence that there are two Elazars posting to full disclosure at one time! I wonder if they're related?!?! HmmM!!m!M!Mm!M Jackpot! I'll give you some of my UK lottery winnings once I get them from

Re: [Full-disclosure] here

2007-12-20 Thread Andrew Farmer
On 20 Dec 07, at 18:51, onion ring wrote: snip char sc[] = \x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90

[Full-disclosure] Watching You

2007-12-20 Thread kcope
You don't believe in TESO! GO EXPLOIT BIND #!+$# AS A PIONEER! Merry Christmas, kcdarookie -- Psst! Heard about the new GMX MultiMessenger yet? It can handle them all: http://www.gmx.net/de/go/multimessenger?did=10

[Full-disclosure] Watching You Well - -

2007-12-20 Thread kcope
well, clamav-milter prior to 0.91.2 //CVE-2007-4560 ### black-hole.pl ### Sendmail w/ clamav-milter Remote Root Exploit ### Copyright (c) 2007 Eliteboy use IO::Socket; print Sendmail w/ clamav-milter Remote Root Exploit\n; print Copyright

Re: [Full-disclosure] For Christmas..

2007-12-20 Thread Matthew Hall
gmaggro wrote: ..it would be a nice touch if everyone sent a few dollars to the projects or authors of the security tools they use. I have donated a bit already to some of my favourites, but I'm only one person. A lot of folks have worked hard to bring us some good shit, let's give a little

Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( F - )

2007-12-20 Thread Sec Review Sucks
1.) What are your qualifications for reviewing these companies? We are a team of security professionals that have been performing a wide array of penetration tests, vulnerability assessments, web application security services etc. One of our team members has founded two different security

Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( F - )

2007-12-20 Thread Sec Review Sucks
Yes, coderman, they may save you the 2.7 minutes of surf time for pr0n by reviewing companies for you, but you are losing 30 minutes of pr0n time by reading their reviews. Sorry you feel my review of secreview sucks, but I strongly feel someone needs to speak up, as this is quite ridiculous. On

[Full-disclosure] [USN-559-1] MySQL vulnerabilities

2007-12-20 Thread Jamie Strandboge
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === Ubuntu Security Notice USN-559-1 December 21, 2007 mysql-dfsg-5.0 vulnerabilities CVE-2007-3781, CVE-2007-5925, CVE-2007-5969, CVE-2007-6304