[ISN] Re: Stephen Northcutt needs your help

From: InfoSec News (isn@private)
Date: Wed Jun 30 2004 - 07:29:08 PDT

    Forwarded from: security curmudgeon <jericho@private>
    To: InfoSec News <isn@private>, ip@private
    Cc: stephen@private
    
    [Editorial note: Due to a little technological error at this end, ISN 
    is going out a little late. Also, I have about six pro and con mails 
    about SANS I need to cut and paste, then I will kill this thread; 
    any future mails can go directly to Stephen Northcutt.  - WK]
      
    
    SANS may be a non-profit but that doesn't mean the organization's
    employees work for free. Those who are full-time with SANS get paid
    for their work - and they are paid very well.
    
    While there may be some dispute regarding SANS and their reliance on
    "volunteer work", let's not forget they have chosen not to pay certain
    speakers in the past despite previously agreeing to do so.
    
    Also interesting is the timing of Northcutt's email. It seems just as
    he wants CERT out of SANS' turf, the SANS diary gets updated with
    information about the latest and greatest threat received from a
    conference call full of government and military folks, including some
    from CERT. Despite their teeth-gnashing, they are certainly
    benefiting from their CERT relationship.
    
    The course Northcutt is referring to is a Carnegie Mellon Software
    Engineering Institute course (CM SEI), that receives government
    funding. He argues that due to said government funding, CERT shouldn't
    be able to provide training if a commercial organization provides the
    same or similar service. Following this "logic", CERT advisories and
    bulletins should stop since several commercial outfits provide the
    same service. The CERT VU/KB vulnerability database should go away
    since there are other free and commercial VDBs being maintained. I'm
    sure this wouldn't have any adverse effects on the security community
    at all.
    
    Plain and simple, Northcutt's complaint is shallow & selfish. If a
    person wants general security training, what are they going to search
    for? "Security Training" - which brings up SANS as the first result. I
    don't know if things have changed since the post, but searching for
    "SANS Training" gets a link to giac.org first, sans.org second. Is
    this really an issue? And is the real complaint the supposed violation
    of OMB A 76? Or is this a concern over your next paycheck, Mr.
    Northcutt?
    
    As it stands, SANS offers classes for as much as US$2,645 for five
    days of training. If you have only ten students in class, that is
    $26,450 incoming. Remove instructor fee, equipment cost and room
    rental and that is still a significant amount of money. If SANS isn't
    using a paid instructor (or they are, and opt not to pay them), SANS
    must make a killing on this training:
    
       SANS also offers a Volunteer Program through which, in return for
       acting as an important extension of SANS' conference staff, 
       volunteers may attend classes at no cost. Volunteers are most 
       definitely expected to pull their weight and the educational 
       rewards for their doing so are substantial.
    
    Add to the above general hypocrisy from SANS, and it's nearly
    impossible not to laugh at Northcutt's letter. Let's look at another
    letter from Northcutt in the wake of the "Code Red" worm:
    
       http://www.attrition.org/errata/sec-co/sans02.html
    
       SANS Instructors, Jason Fossen and Eric Cole are available during 
       the next few weeks to teach a special one-day course on Securing 
       IIS.
    
       We haven't determined pricing yet, but it would be
       inappropriate to try to capitalize off of this attack.
    
    This is blatant ambulance chasing, something that seems more
    reprehensible than anything CERT has done with a few google ad-words.
    
    
    Jericho
    Security Curmudgeon
    
    ps: Does anyone else find the fact that "sans" in French means
    "without" or "lacking" - somewhat ironic?
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)
    
    This archive was generated by hypermail 2b30 : Wed Jun 30 2004 - 10:18:15 PDT