Re: Security Auditing companies?
CBI, Inc. still does audits. They're based in Boston, but I know the (only) tech who does the audits. He lives in Nashua and accompanied me to the last LUG meeting I was at. I *know* they could use the business, so feel free to contact them.

http://www.cbi.net

Brian

*
To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body.
*
Re: Security Auditing companies?
On Tue, 2002-07-09 at 10:26, [EMAIL PROTECTED] wrote:
>
> >Counterpane definitely used to - I personally used them once.
>
> They seem to not do this anymore, since their website makes no
> mention of it. They seem more narrowly focused on Managed Security
> Monitoring services now.

It doesn't surprise me that people have either stopped doing it or gone under. GTE used to do security auditing as well, and they abandoned it, too. It's a dangerous area, and a lot of companies and individuals have been sued for doing exactly what they were hired to do. It's even harder now, since even if you have a contract that allows you to break state and/or federal law, you can still be prosecuted. The loophole is that no one can agree to an illegal contract. So, even though you have permission to break the law, the permission isn't really theirs to give. If they don't like your findings, or your prices, they just sue.

C-Ya,
Kenny

--
"Tact is just *not* saying true stuff" -- Cordelia Chase
Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB254DD0
Re: Security Auditing companies?
On Tue, 9 Jul 2002 [EMAIL PROTECTED] wrote:
> >And that other one was Belanos I had completely forgotten about
> >@stake... I've heard good things there.
>
> Err, got a URL on Belanos? The obvious doesn't seem to work :)

Looks like they've fallen off the map. Start up casualty, I guess. Bad lead, my apologies.

Ben

--
A sly rabbit will have three openings to its den.
Re: Security Auditing companies?
In a message dated: Tue, 09 Jul 2002 10:20:58 EDT
Ben Boulanger said:

>Counterpane definitely used to - I personally used them once.

They seem to not do this anymore, since their website makes no mention of it. They seem more narrowly focused on Managed Security Monitoring services now.

Good to know about them though :)

Thanks!

--
Seeya,
Paul

It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.

If you're not having fun, you're not doing it right!
Re: Security Auditing companies?
In a message dated: Tue, 09 Jul 2002 10:20:58 EDT
Ben Boulanger said:

>And that other one was Belanos I had completely forgotten about
>@stake... I've heard good things there.

Err, got a URL on Belanos? The obvious doesn't seem to work :)

Thanks!

--
Seeya,
Paul

It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.

If you're not having fun, you're not doing it right!
Re: Security Auditing companies?
On 9 Jul 2002, Kenneth E. Lussier wrote:
> I don't think that Counterpane does this sort of work. They specialize
> in managed security. SANS, I know, does not do this. SANS is an
> educational and research organization. They may be able to point you in
> the right direction.

Counterpane definitely used to - I personally used them once. I thought I remembered Bruce Schneier mentioning it at Black Hat, too. I thought SANS did, too... but yeah, could be wrong there. And that other one was Belanos I had completely forgotten about @stake... I've heard good things there.

--
Vicious as a tigress can be, she never eats her own cubs.
Re: Security Auditing companies?
I don't think that Counterpane does this sort of work. They specialize in managed security. SANS, I know, does not do this. SANS is an educational and research organization. They may be able to point you in the right direction. Eeye-Digital Security does penetration testing and some code review. Personally, as an ISS certified something-or-other (I forget what class I took with them), I would avoid ISS at all costs. Their tools really aren't that good, and their people rely solely on the tools rather than common sense.

Kenny

On Tue, 2002-07-09 at 10:07, Ben Boulanger wrote:
> Counterpane provides this service. They're about the best in my opinion,
> but I believe SANS does it too? I'd have to look that one up. If you
> want the best, Counterpane... If cost is a big factor, you can usually
> find people around who do this type of thing as a consultant.
>
> I -believe- Belsarius (sp?) used to do this and was based out of this
> area, but it's been awhile since I've checked on them.
>
> Ben
>
>
> On Tue, 9 Jul 2002 [EMAIL PROTECTED] wrote:
>
> >
> > Hi all,
> >
> > Does anyone have any experience working with companies who do
> > penetration testing, code review, and general security audits for
> > products?
> >
> > At my current place of employment we have a product which we would
> > like to have reviewed and tested by an outside party. However, the
> > only company mentioned was ISS, who, if you remember were the folks
> > responsible for the Apache fiasco a month or so back.
> >
> > If anyone has any recommendations, please let me know.
> >
> > Thanks
> >
> > --
> > Like playing a harp before a cow...

--
"Tact is just *not* saying true stuff" -- Cordelia Chase
Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB254DD0
Re: Security Auditing companies?
Hi,

I would highly recommend @STAKE in Boston. They have a great reputation, and they employ some of the best security people in the world (Dr. Mudge, among others). When they break into your systems, they will give you a full report of how they did it, and how to fix it. They will also do code review, process review, etc.

FYI,
Kenny

On Tue, 2002-07-09 at 10:00, [EMAIL PROTECTED] wrote:
>
> Hi all,
>
> Does anyone have any experience working with companies who do
> penetration testing, code review, and general security audits for
> products?
>
> At my current place of employment we have a product which we would
> like to have reviewed and tested by an outside party. However, the
> only company mentioned was ISS, who, if you remember were the folks
> responsible for the Apache fiasco a month or so back.
>
> If anyone has any recommendations, please let me know.
>
> Thanks
>
> --
>
> Seeya,
> Paul
>
> It may look like I'm just sitting here doing nothing,
> but I'm really actively waiting for all my problems to go away.
>
> If you're not having fun, you're not doing it right!

--
"Tact is just *not* saying true stuff" -- Cordelia Chase
Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB254DD0
Re: Security Auditing companies?
Counterpane provides this service. They're about the best in my opinion, but I believe SANS does it too? I'd have to look that one up. If you want the best, Counterpane... If cost is a big factor, you can usually find people around who do this type of thing as a consultant.

I -believe- Belsarius (sp?) used to do this and was based out of this area, but it's been awhile since I've checked on them.

Ben

On Tue, 9 Jul 2002 [EMAIL PROTECTED] wrote:
>
> Hi all,
>
> Does anyone have any experience working with companies who do
> penetration testing, code review, and general security audits for
> products?
>
> At my current place of employment we have a product which we would
> like to have reviewed and tested by an outside party. However, the
> only company mentioned was ISS, who, if you remember were the folks
> responsible for the Apache fiasco a month or so back.
>
> If anyone has any recommendations, please let me know.
>
> Thanks

--
Like playing a harp before a cow...
