Foundstone Shoe On Other Foot
Cimmer writes "One of the premier hack shops (to pun or not to pun) gets busted for unethically ethically hacking.
After filing a lawsuit against former employee JD Glaser for supposedly jacking company source code, Foundstone gets nailed for massive internal software piracy. Tonight's entree: Foot in Mouth."
Nothing worse than a software company that steals software. How the hell can someone who steals the exact thing they are trying to sell look at themselves in the mirror? Oh yeah, I forgot we still have Republicans.
Hypocrites are such a waste of space.
The insanity of 'white-hat' security companies will surely come to an end sooner rather than later. Securing the corporate or home network simply isn't that difficult anymore.
So that's why networks are so secure today, right? It's quite an assumption to say that random IT people know how to do security auditing and hardening.
But today, they are simply usurped by competent system and network administrators and the forethought of coders to write code with security in mind.
Well, that's the problem. There are very few competent system and network admins and coders who keep security in mind. Also, even if they are competent, what about peer review? No matter how good you are, you should always have someone else check out your setup and/or work. There are always vulnerabilities.
By the way, you keep working on this assumption that no security problem exists in the computer industry. You insist upon it, but provide no facts or backup when the contrary is obvious from anyone with their finger on the tech industry pulse.
Tell the guy in the suit you want to sell him a network security auditing tool (or service), because he doesn't have the manpower to do it in house. He may be willing to pay. Tell the manager of a group of coders you want to sell her your competence and third-party viewpoint of the security of their code. She may be willing to pay. Tell me you want to sell me a 250,000 dollar piece of network auditing code, or scan my network from the outside to tell me where my vulnerabilities lie without knowing my network already, or bebop around my 30,000+ user network analyzing a bunch of known signatures and I'll tell you to go back to the drawing board and tell me why your first answer wasn't to invest in a competent enough staff to make you obsolete.
That auditing fee is chicken feed to huge corporations who have massive networks that require auditing. Foundstone isn't the kind of company that's going to provide a service for a Joe's Software Company with 10 employees. By the way, Foundstone does thorough audits, not just scanning your "network from outside to tell me where my vulnerabilities lie without knowing my network already". Get a clue.
For every company to have an "in-house Foundstone" would be prohibitively expensive. Foundstone sells massive amounts of security experience to be applied to the job. You cannot just get that "in-house" for cheaper than what Foundstone offers. Also, Foundstone provides education services to help in-house people do a better job of analysis. Once again, you are clueless about Foundstone's business.
You, sir, are an idiot. Who moderated this rubbish up to 5?
Join Tor today!