Re: "PenTest" a container file

To:	"Thor (Hammer of God)" <thor@hammerofgod.com>
Subject:	Re: "PenTest" a container file
From:	Javier Fernández-Sanguino <jfernandez@germinus.com>
Date:	Mon, 29 Jan 2007 09:11:28 +0100
Cc:	PenTest <pen-test@securityfocus.com>
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
In-reply-to:	<C1D640DF.96A3%thor@hammerofgod.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
Organization:	Germinus XXI
References:	<C1D640DF.96A3%thor@hammerofgod.com>
Resent-date:	Mon, 29 Jan 2007 15:22:44 -0700 (MST)
Resent-from:	pen-test-return-1078483480@securityfocus.com
Resent-message-id:	<20070129222244.1DE341546FE@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com
User-agent:	Thunderbird 1.5.0.9 (Windows/20061207)

Thor (Hammer of God) dijo:


modem.  I mean, what kind of application development company using their own
encryption algorithm would hire someone to crack it who has to post to
PenTest for advice on what his first steps should be?

You will be surprised at the number of companies (even govt's) that donot do proper background checking of the companies they hire forsecurity. Some companies/agencies just look at the money of the proposaland hire the cheapest guys around.

From my experience, some european companies that have to run auditsevery year (typically "summarised" to a pentest) and cannot repeat withthe same company until X years go by [1] will sometimes contract somevery lame company with good "presence" and no skills.


Regards

Javier

[1] Due to legitimate concerns of companies "getting comfortable" andnot doing proper work the second time around.


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
"PenTest" a container file, Julien Re: "PenTest" a container file, Steve Friedl Re: "PenTest" a container file, Benjamin Anderson Re: "PenTest" a container file, Thor (Hammer of God) Re: "PenTest" a container file, Javier Fernández-Sanguino <= Re: "PenTest" a container file, Jan Heisterkamp

Previous by Date:	RE: Password cracker tool, Walsh, Leo
Next by Date:	RE: Password cracker tool, Milind Nanal
Previous by Thread:	Re: "PenTest" a container file, Thor (Hammer of God)
Next by Thread:	Re: "PenTest" a container file, Jan Heisterkamp
Indexes:	[Date] [Thread] [Top] [All Lists]