<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><i><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>“</span></i><i><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#252525'>We have the expertise and suite of crackers' tools to comprehensively check your <strong><span style='font-family:"Arial","sans-serif"'>computer internet security</span></strong>. This is done remotely for over 600 most obvious holes and we advise you and or your I.T. department of next steps.”</span></i><i><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></i></p><p class=MsoNormal><i><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></i></p><p class=MsoNormal><i><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>“</span></i><i><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#252525'>Price does NOT include recommendation or remedy of problems, as this would require separate consultation and quotation if needed. I understand that there is no charge if the audit finds my LAN/WAN not to be vulnerable.”<o:p></o:p></span></i></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>$495 for an automated VA of ‘most obvious holes’ without any remediation advice seems a bit steep to me.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If you absolutely must do security on the cheap, there are a slew of cheaper options ie </span><a href="http://www.qualys.com/forms/freescan/">http://www.qualys.com/forms/freescan/</a><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> AusNOG [mailto:ausnog-bounces@lists.ausnog.net] <b>On Behalf Of </b>Peter Tonoli<br><b>Sent:</b> Thursday, 21 November 2013 1:48 PM<br><b>To:</b> Andrew Yager<br><b>Cc:</b> ausnog@lists.ausnog.net<br><b>Subject:</b> Re: [AusNOG] Aust Info Sec?<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><blockquote style='border:none;border-left:solid #1010FF 1.5pt;padding:0cm 0cm 0cm 4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='color:black'>From: </span></b><span style='color:black'>"Andrew Yager" <andrew@rwts.com.au><br><b>To: </b>ausnog@lists.ausnog.net<br><b>Sent: </b>Thursday, 21 November, 2013 1:39:33 PM<br><b>Subject: </b>[AusNOG] Aust Info Sec?<o:p></o:p></span></p><div id="bloop_customfont"><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black'>Hi,<o:p></o:p></span></p></div><div id="bloop_customfont"><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black'><o:p> </o:p></span></p></div><div id="bloop_customfont"><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black'>I have a client who has just sent me an email that essentially contained:<o:p></o:p></span></p></div><div id="bloop_customfont"><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black'><o:p> </o:p></span></p></div><div id="bloop_customfont"><p class=MsoNormal><span style='font-size:11.5pt;font-family:"Calibri","sans-serif";color:black'>We have been getting cold calls from </span><span style='font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black'><a href="http://www.austinfosec.com/internet-security-audit" target="_blank"><span style='font-size:11.5pt;font-family:"Calibri","sans-serif";color:purple'>http://www.austinfosec.com/internet-security-audit</span></a></span><span style='font-size:11.5pt;font-family:"Calibri","sans-serif";color:black'> to do a no obligation network security review...it sounds rather sus to me so I wanted your advice.</span><span style='font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='color:black'>Any thoughts on the legitimacy or otherwise of these guys?<o:p></o:p></span></p></div></blockquote><p class=MsoNormal><span style='color:black'>They answer the phone as "Exa web solutions" <<a href="http://www.exa.com.au/">http://www.exa.com.au/</a>>. Curious..<o:p></o:p></span></p><div><p class=MsoNormal><span style='color:black'><o:p> </o:p></span></p></div><p class=MsoNormal><span style='color:black'><br>-- <o:p></o:p></span></p><div><p class=MsoNormal><span style='color:black'>Peter Tonoli < <a href="mailto:peter@medstv.unimelb.edu.au">peter@medstv.unimelb.edu.au</a> > +61-3-9288-2399 <br>IT Manager <br>The University of Melbourne - Eastern Hill Academic Centre, St. Vincent's Institute and O'Brien Institute <o:p></o:p></span></p></div></div></div></div></body></html>