Re: Verify Your Security Provider -- The truth behind manual testing.

From: Adriel T. Desautels (ad_listsnetragard.com)
Date: Fri Jul 17 2009 - 21:52:26 CDT


That makes good sense, Mike; point well taken. But for a security company
that offers penetration testing and claims to have their services driven
by manual testing, wouldn't it benefit them to release research in the form
of advisories, and dare I say in some cases, exploits? It could very well be
different for individuals; can't argue with your point there.

On Jul 17, 2009, at 10:19 PM, Mike Messick wrote:

>
> A couple of thoughts on this:
>
> Sometimes employers prohibit employees from using their real names if it
> can tie them back to where they work, for legal and other reasons (like
> people associating the employer with the researcher even though the
> researcher did all work on their own time). Some employers cannot afford
> to have this happen because of the public perception that the employer
> somehow sponsored the work.
>
> Imagine if I work for the FBI and in my own time I develop some way to
> crack wireless networks in very short order. Even though my employer had
> no participation in this effort, when someone "discovers" where I work
> and it gets slogged through Wired or /. the entire world then thinks the
> Feds are out to get them.
>
> I have several friends who perform some amazing security research and due
> to where they work they are not able to use their real names when
> releasing findings/products to the community. I have yet to find
> anything underhanded about them, their work, or their employer.
>
> Hope this helps,
> -Mike.
>
> On Fri, 17 Jul 2009, Adriel T. Desautels wrote:
>
>> You are an individual researcher. And why, might I ask, do you need to
>> hide behind an alias? If you do research that is both legal and ethical
>> and if you follow the best practices that you can follow, then why
>> wouldn't you want your name associated with your hard work?
>>
>>
>> On Jul 17, 2009, at 8:21 PM, Stack Smasher wrote:
>>
>>>
>>> I think this discussion is seriously flawed. I am a security
>>> researcher who uses several different online aliases when I am
>>> interviewed so I can speak without the fear of corporate or legal
>>> repercussions. My professional persona is never tied to my online
>>> presence.
>>>
>>>
>>> I like it better that way.
>>>
>>> On Fri, Jul 17, 2009 at 7:05 PM, Tim <tim-pentestsentinelchicken.org> wrote:
>>>> Anyway, I didn't say only use Facebook, did I? Use any means
>>>> possible. Bottom line is, though, if the company has researchers, then
>>>> the company will have published advisories. If they've done that, then
>>>> you should be able to get a good idea of their capability by doing
>>>> research on their research.
>>>
>>> Yeah, I agree that something novel should be getting generated.
>>> Perhaps a better way to go about obtaining it is simply to ask your
>>> vendor what research their consultants have published. For instance,
>>> most of what I publish isn't tied directly to my company as I do quite
>>> a bit of it on my own time.
>>>
>>>
>>>> Btw, if you comment on the blog, I might post it. :)
>>>
>>> Call me old school, but I actually like mailing lists...
>>>
>>> cheers,
>>> tim
>>>
>>> ------------------------------------------------------------------------
>>> This list is sponsored by: Information Assurance Certification
>>> Review Board
>>>
>>> Prove to peers and potential employers without a doubt that you can
>>> actually do a proper penetration test. IACRB CPT and CEPT certs
>>> require a full practical examination in order to become certified.
>>>
>>> http://www.iacertification.org
>>> ------------------------------------------------------------------------
>>>
>>>
>>>
>>>
>>> --
>>> "If you see me laughing, you better have backups"
>>>
>>>
>>
>>
>>
>> Adriel T. Desautels
>> ad_listsnetragard.com
>> --------------------------------------
>>
>> Subscribe to our blog
>> http://snosoft.blogspot.com

Adriel T. Desautels
ad_listsnetragard.com
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com
