<div dir="ltr">Sure they will tell you the next steps. They will tell you you should pay up for them to help you to fix the problems. <div><br></div><div>I like how they say they won't charge if they find no problems. I would love to get them to do an audit of a blackholed IP to see if they actually find any vulnerabilities :)</div>

<div><br></div><div>--Damian</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Nov 21, 2013 at 1:18 PM, Colin Stubbs <span dir="ltr"><<a href="mailto:colin.stubbs@equatetechnologies.com.au" target="_blank">colin.stubbs@equatetechnologies.com.au</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>I'm not entirely sure what they'll do beyond failing Introductory English and Marketing 101,</div>

<div><br></div><div>"advise you and or your I.T department of next steps" != "Price does not include recommendation or remedy of problems"</div>
<div><br></div><div>And only 600? Are they using a 10 year old version of Nessus? Even OpenVAS now reportedly checks for 30,000+ problems. </div><div><br></div><div>A bigger number on that page would definitely convince me to give them money.<div class="gmail_extra">



<br><br><div class="gmail_quote"><div><div class="h5">On 21 November 2013 14:47, Pinkerton, Eric (AU Sydney) <span dir="ltr"><<a href="mailto:Eric.Pinkerton@baesystemsdetica.com" target="_blank">Eric.Pinkerton@baesystemsdetica.com</a>></span> wrote:<br>


</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div lang="EN-AU" link="blue" vlink="purple"><div><p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">“</span></i><i><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#252525">We have the expertise and suite of crackers' tools to comprehensively check your <strong><span style="font-family:"Arial","sans-serif"">computer internet security</span></strong>. This is done remotely for over 600 most obvious holes and we advise you and or your I.T. department of next steps.”</span></i><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></i></p>


<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></i></p><p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">“</span></i><i><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#252525">Price does NOT include recommendation or remedy of problems, as this would require separate consultation and quotation if needed. I understand that there is no charge if the audit finds my LAN/WAN not to be vulnerable.”<u></u><u></u></span></i></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">$495 for an automated VA of ‘most obvious holes’ without any remediation advice seems a bit steep to me.<u></u><u></u></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">If you absolutely must do security on the cheap, there are a slew of cheaper options ie </span><a href="http://www.qualys.com/forms/freescan/" target="_blank">http://www.qualys.com/forms/freescan/</a><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">


<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a>] <b>On Behalf Of </b>Peter Tonoli<br>


<b>Sent:</b> Thursday, 21 November 2013 1:48 PM<br><b>To:</b> Andrew Yager<br><b>Cc:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br><b>Subject:</b> Re: [AusNOG] Aust Info Sec?<u></u><u></u></span></p>


</div></div><div><div><p class="MsoNormal"><u></u> <u></u></p><div><div><blockquote style="border:none;border-left:solid #1010ff 1.5pt;padding:0cm 0cm 0cm 4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span>From: </span></b><span>"Andrew Yager" <<a href="mailto:andrew@rwts.com.au" target="_blank">andrew@rwts.com.au</a>><br><b>To: </b><a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>


<b>Sent: </b>Thursday, 21 November, 2013 1:39:33 PM<br><b>Subject: </b>[AusNOG] Aust Info Sec?<u></u><u></u></span></p><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif"">Hi,<u></u><u></u></span></p>


</div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif""><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif"">I have a client who has just sent me an email that essentially contained:<u></u><u></u></span></p>


</div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif""><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Calibri","sans-serif"">We have been getting cold calls from </span><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif""><a href="http://www.austinfosec.com/internet-security-audit" target="_blank"><span style="font-size:11.5pt;font-family:"Calibri","sans-serif";color:purple">http://www.austinfosec.com/internet-security-audit</span></a></span><span style="font-size:11.5pt;font-family:"Calibri","sans-serif""> to do a no obligation network security review...it sounds rather sus to me so I wanted your advice.</span><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif""><u></u><u></u></span></p>


</div><div><p class="MsoNormal"><span><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span>Any thoughts on the legitimacy or otherwise of these guys?<u></u><u></u></span></p></div></blockquote><p class="MsoNormal">


<span>They answer the phone as "Exa web solutions" <<a href="http://www.exa.com.au/" target="_blank">http://www.exa.com.au/</a>>. Curious..<u></u><u></u></span></p><div><p class="MsoNormal"><span><u></u> <u></u></span></p>


</div><p class="MsoNormal"><span><br>-- <u></u><u></u></span></p><div><p class="MsoNormal"><span>Peter Tonoli < <a href="mailto:peter@medstv.unimelb.edu.au" target="_blank">peter@medstv.unimelb.edu.au</a> > <a href="tel:%2B61-3-9288-2399" value="+61392882399" target="_blank">+61-3-9288-2399</a> <br>


IT Manager <br>The University of Melbourne - Eastern Hill Academic Centre, St. Vincent's Institute and O'Brien Institute <u></u><u></u></span></p></div></div></div></div></div></div></div><br></div></div><div class="im">

_______________________________________________<br>

AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></div></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>