Roll Offle | 1 Jan 01:37 2008
Picon

Hal Turner exposé no. 2 (courtesy of GAPP & goudatr0n)

                 +-------------------------------------------+
                 |   _|_|_|     _|_|     _|_|_|     _|_|_|   |
                 | _|         _|    _|   _|    _|   _|    _| |
                 | _|  _|_|   _|_|_|_|   _|_|_|     _|_|_|   |
                 | _|    _|   _|    _|   _|         _|       |
                 |   _|_|_|   _|    _|   _|         _|       |
                 |                              presents...  |
                 +-------------------------------------------+
                        An Expose of Hal Turner, No. II

Keywords:
 white power, 1488, WPWW1488, Hal, Turner, Harold, Bill White, VNN

The Update:

 Hal Turner's http://www.halturnershow.com/ site has been compromised
 twice in the past week by an expert GAPP & goudatr0n security
 collaboration. Before both cracks Hal said that the site was
 "unhackable"; this has proven to be false.
 This is the first of Hal's many lies.

 ASIDE:
 Here's the results of a uname -a; id on Hal's server:

 Linux privatewebhosting.org 2.6.22.14-72.fc6 #1 SMP Wed
 Nov 21 13:44:07 EST 2007 i686 i686 i386 GNU/Linux
 uid=0(root) gid=0(root) groups=0(root)

 Hal's earlier claim that had server expenses of "over $5,000" is his
 2nd lie. GAPP-goudatr0n investigation has revealed that Hal has spent
(Continue reading)

Adam Muntner | 1 Jan 16:04 2008

Re: [Professional IT Security Providers - Exposed] QuietMove ( D - )

Your review gets a d-.

You can't add. You can't spell. Your skills appear to be limited to rudimentary use of a browser and linkedin.com. In combination with your undeserved and unearned sense of self importance, pretty pathetic.

You spelled Marcin's last name wrong. Great use of linkedin.com. You can't even cunt n paste. He interned for us last semester. He isn't a front line consultant. So,you fail the ^c ^v and spelling practical, as well as the investigative one. We have 2 other consultants besides myself-they don't use linkedin and you didnt find them. Our clients know our consultants. We don't post their names on the website.

F is for failure.

As for my experience - I was also a the security officer for an at the time publicly traded company for 2 years, the IT director of 2 .com startups where security was my responsibility for several years, and for the last 2 have been deeply involved with all customer engagements. 
Prior to that I spent the 90s architecting, developing, and leading developer teams.
I hsve been pentesting since 98 and nearly nonstop since 2000. You were what, 11 years old then? Clearly, basic arithmetic isn't a strong point of yours, either. I suspect you spent the 90s in grammar school. At lest you seemed to learn something there.

On that note....

Most of our clients are referred by others who are very satisfied with the work we perform. Not by the website. It doesn't get a lot of attention - were small but growing and focused on serving our clients. I know basic HTML seems like the pinnacle of achievement to you, but we aren't in the business of making pretty web pages. We discuss our methodology with our clients-we don't post it on the web. I know you were hoping to learn nimething. Hacking for dummies might be more your speed, after you perfect your Cunt and Paste skills.

I took the plunge and started what is now a growing business nearly 2 years ago, and we now serve 3 fortune 1000 clients, replacing much larger firms, plus a good number of midsize clients. Being an entrepreneur is a lot more challenging than being an anonymous anklebite, though from your moms basement it might not seem that way.

I'm heading to Manhattan for some R&R right now. If you are in the vicinity let me know, I'll buy you a beer (if you're 21) and you can meet me yourself and post a review or somthing. 

Don't take this wrong - consider it constructive criticism and try harder next time. It's good to know we are recognized enough to be noticed by the mighty, anonymous secreview. This might even double our daily web traffic to 20 visitors. ;)

Adam Muntner
Managing Partner
QuietMove, Inc.

Sent from my iPhone

On Dec 31, 2007, at 4:13 PM, secreview <secreview <at> hushmail.com> wrote:

QuiteMove, located at http://www.quitemove.com is a small Professional IT Security Services Provider that offers Training services, Incident Response Services, Web Application Security Services and Penetration Testing Services. QuiteMove was started by Adam Munter in 2006 along with Jeffrey Rassas, and James Garvey, Jr. You can read their mission statement here "http://www.mywikibiz.com/Directory:QuietMove" (but its pretty basic).

When reviewing the QuiteMove website and people we were not the least bit impressed. The QuiteMove website is packed full of grammatical errors and many of the services don't even have descriptions. The services that do have descriptions are very poorly written and very poorly defined. Take a look at their Penetration Testing service offering as an example. If you want to see an example of no content check out their Social Engineering offering.

Since we were unable to extract anything useful from the materials provided to us by QuiteMove we decided to focus on the talent behind QuietMove. Unfortunately we were equally unimpressed. The only technically oriented team members that we were able to identify within QuietMove were Adam Munter, who is a founder and Marcin Wielgoszewsk, who is a very "green" consultant. Seeing as Adam Munter is being positioned as the technical visionary for QuietMove, we decided to focus on him and not on Marcin.

Adam's Linkedin Bio: http://tinyurl.com/yt9j2y

As it turns out Adam Munter worked for Accuvant, a company that competes directly with Adam's QuietMove; prior to founding QuietMove. Adam's role at Accuvant was to lead consultants on IT Security Engagements for large orginazations. In conjunction with this, Adam also spoke at conferences. He worked here for 1 year and 1 month.

Prior to working for Accuvant, Adam worked for Pegasus Solutions Inc. as the acting Chief Security Officer. Pegasus is the largest hotel reservation distribution system vendor and a major vendor of Hotel Management systems. Adam did get some Sarbanes Oxley work under his belt as he helped Pegasus to successfully "marshall" through their first audit. Adam also initiated the program to help get Pegasus to be Visa CISP compliant, including evaluating and changing their handling of payment Cardholder data. He worked here for 2 years and 1 month.

From August 2000 to January 2003 Adam was a "Founding member of IBM's Ethical Hacking Center of Competency." His responsibilities included being a technical interviewer for new hires, a Penetration Testing Subject Matter Expert, and the performance of consulting engagements for clients ranging from midsize companies and government agencies to the fortune 500. Adam worked for IBM for 2 years and 6 months.

So if we add up the relevant experience that Adam has had according to his linked in bio we get 1 year and 1 month + 2 years and 6 months, which is a grand total of 3 years and 7 months of professional IT Security Consulting Experience. Not sure about our readers, but to us at Secreview that hardly makes Adam an IT Security Expert.

But wait, now we have a discrepancy...

According to the QuietMove website, Adam "has over 14 years of experience in information security, software, and product R&D with 8 years being dedicated solely to security." His QuietMove bio goes on to say "Adam’s particular talents include penetration testing of web and binary applications, networks, systems, and SCADA, “social engineering” and physical penetration of facilities, and in developing professional services offerings."

This just doesn't add up.

Anyway, remember we didn't set out to bash anyone here, but Adam/QuietMove put himself/themselves in the line of fire. QuietMove appears to be a very small and disorganized shop. Their website is half-assed and incomplete and we can't say anything better about their talent profile. We suggest that QuietMove complete their website and review their talent profile, then we'll set out to do another review and see if they score better. As of right now, we can't give them more than a D-. We'll keep an eye on their website and redo this review if they ever fix their issues.


Score Card (Click to Enlarge)

--
Posted By secreview to Professional IT Security Providers - Exposed at 12/31/2007 11:32:00 AM
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Adam Muntner | 1 Jan 16:18 2008

Re: [Professional IT Security Providers - Exposed] QuietMove ( secreview review: D- )

Before secreview jumps on them, apologies for the typos. Hard to type long email on touchscreen, on the train!

No hard feelings secreview. I apreciate the review. There is no such thing as bad press, and I had fun writing my witty and clever rejoinder.

Adam Muntner
Managing Partner
QuietMove, Inc.
Phone: 602-793-5969
Fax: 866-272-8194

Sent from my iPhone

On Jan 1, 2008, at 10:04 AM, Adam Muntner <adam.muntner <at> quietmove.com> wrote:

Your review gets a d-.

You can't add. You can't spell. Your skills appear to be limited to rudimentary use of a browser and linkedin.com. In combination with your undeserved and unearned sense of self importance, pretty pathetic.

You spelled Marcin's last name wrong. Great use of linkedin.com. You can't even cunt n paste. He interned for us last semester. He isn't a front line consultant. So,you fail the ^c ^v and spelling practical, as well as the investigative one. We have 2 other consultants besides myself-they don't use linkedin and you didnt find them. Our clients know our consultants. We don't post their names on the website.

F is for failure.

As for my experience - I was also a the security officer for an at the time publicly traded company for 2 years, the IT director of 2 .com startups where security was my responsibility for several years, and for the last 2 have been deeply involved with all customer engagements. 
Prior to that I spent the 90s architecting, developing, and leading developer teams.
I hsve been pentesting since 98 and nearly nonstop since 2000. You were what, 11 years old then? Clearly, basic arithmetic isn't a strong point of yours, either. I suspect you spent the 90s in grammar school. At lest you seemed to learn something there.

On that note....

Most of our clients are referred by others who are very satisfied with the work we perform. Not by the website. It doesn't get a lot of attention - were small but growing and focused on serving our clients. I know basic HTML seems like the pinnacle of achievement to you, but we aren't in the business of making pretty web pages. We discuss our methodology with our clients-we don't post it on the web. I know you were hoping to learn nimething. Hacking for dummies might be more your speed, after you perfect your Cunt and Paste skills.

I took the plunge and started what is now a growing business nearly 2 years ago, and we now serve 3 fortune 1000 clients, replacing much larger firms, plus a good number of midsize clients. Being an entrepreneur is a lot more challenging than being an anonymous anklebite, though from your moms basement it might not seem that way.

I'm heading to Manhattan for some R&R right now. If you are in the vicinity let me know, I'll buy you a beer (if you're 21) and you can meet me yourself and post a review or somthing. 

Don't take this wrong - consider it constructive criticism and try harder next time. It's good to know we are recognized enough to be noticed by the mighty, anonymous secreview. This might even double our daily web traffic to 20 visitors. ;)

Adam Muntner
Managing Partner
QuietMove, Inc.

Sent from my iPhone

On Dec 31, 2007, at 4:13 PM, secreview <secreview <at> hushmail.com> wrote:

QuiteMove, located at http://www.quitemove.com is a small Professional IT Security Services Provider that offers Training services, Incident Response Services, Web Application Security Services and Penetration Testing Services. QuiteMove was started by Adam Munter in 2006 along with Jeffrey Rassas, and James Garvey, Jr. You can read their mission statement here "http://www.mywikibiz.com/Directory:QuietMove" (but its pretty basic).

When reviewing the QuiteMove website and people we were not the least bit impressed. The QuiteMove website is packed full of grammatical errors and many of the services don't even have descriptions. The services that do have descriptions are very poorly written and very poorly defined. Take a look at their Penetration Testing service offering as an example. If you want to see an example of no content check out their Social Engineering offering.

Since we were unable to extract anything useful from the materials provided to us by QuiteMove we decided to focus on the talent behind QuietMove. Unfortunately we were equally unimpressed. The only technically oriented team members that we were able to identify within QuietMove were Adam Munter, who is a founder and Marcin Wielgoszewsk, who is a very "green" consultant. Seeing as Adam Munter is being positioned as the technical visionary for QuietMove, we decided to focus on him and not on Marcin.

Adam's Linkedin Bio: http://tinyurl.com/yt9j2y

As it turns out Adam Munter worked for Accuvant, a company that competes directly with Adam's QuietMove; prior to founding QuietMove. Adam's role at Accuvant was to lead consultants on IT Security Engagements for large orginazations. In conjunction with this, Adam also spoke at conferences. He worked here for 1 year and 1 month.

Prior to working for Accuvant, Adam worked for Pegasus Solutions Inc. as the acting Chief Security Officer. Pegasus is the largest hotel reservation distribution system vendor and a major vendor of Hotel Management systems. Adam did get some Sarbanes Oxley work under his belt as he helped Pegasus to successfully "marshall" through their first audit. Adam also initiated the program to help get Pegasus to be Visa CISP compliant, including evaluating and changing their handling of payment Cardholder data. He worked here for 2 years and 1 month.

From August 2000 to January 2003 Adam was a "Founding member of IBM's Ethical Hacking Center of Competency." His responsibilities included being a technical interviewer for new hires, a Penetration Testing Subject Matter Expert, and the performance of consulting engagements for clients ranging from midsize companies and government agencies to the fortune 500. Adam worked for IBM for 2 years and 6 months.

So if we add up the relevant experience that Adam has had according to his linked in bio we get 1 year and 1 month + 2 years and 6 months, which is a grand total of 3 years and 7 months of professional IT Security Consulting Experience. Not sure about our readers, but to us at Secreview that hardly makes Adam an IT Security Expert.

But wait, now we have a discrepancy...

According to the QuietMove website, Adam "has over 14 years of experience in information security, software, and product R&D with 8 years being dedicated solely to security." His QuietMove bio goes on to say "Adam’s particular talents include penetration testing of web and binary applications, networks, systems, and SCADA, “social engineering” and physical penetration of facilities, and in developing professional services offerings."

This just doesn't add up.

Anyway, remember we didn't set out to bash anyone here, but Adam/QuietMove put himself/themselves in the line of fire. QuietMove appears to be a very small and disorganized shop. Their website is half-assed and incomplete and we can't say anything better about their talent profile. We suggest that QuietMove complete their website and review their talent profile, then we'll set out to do another review and see if they score better. As of right now, we can't give them more than a D-. We'll keep an eye on their website and redo this review if they ever fix their issues.


Score Card (Click to Enlarge)

--
Posted By secreview to Professional IT Security Providers - Exposed at 12/31/2007 11:32:00 AM
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Marcin Wielgoszewski | 1 Jan 17:57 2008
Picon

Re: [Professional IT Security Providers - Exposed] QuietMove ( D - )

Marcin Wielgoszewski here, the "green consultant" you mentioned but
chose not to focus on.  I'm not sure what you mean by "green," but
whatever.  I have just finished my bachelor's degree, have done
internships with some Fortune-100's and I am constantly doing research
on my own.  I also make an effort to attend every conference and local
meet-up.  I have my own blog I started at http://www.tssci-security.com,
you can read and learn more about me.

Onto QuietMove and Adam Muntner...  QuietMove was founded by Adam and
the other two folks you mention.  I have done some part-time work with
Adam over the past couple months while finishing up my last semester.
Adam knows this industry inside-out, and one of only several people I
would say really knows his stuff.  I'm sorry the website doesn't have an
infosec glossary of terms for you to study for your Security+.  I guess
looking on LinkedIn and the website passes off as "research" nowadays.
Couldn't you have at least used Maltego to look deeper into this?  I was
actually going to make a post about how pathetic the "research" some
people have tried to pass off lately in security, and no one, except for
a few have called anyone out on it.

Some security consulting firms you would give a higher score are some of
the firms we've picked up where traceroute, whois and their nmap
scanners left off.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Adam Muntner | 1 Jan 18:09 2008

Re: [Professional IT Security Providers - Exposed] QuietMove ( D - )

Secreview, you might learn something by reading Marcin's blog.

Adam Muntner
Managing Partner
QuietMove, Inc.
Fax: 866-272-8194
http://www.quietmove.com

Sent from my iPhone

On Jan 1, 2008, at 11:57 AM, Marcin Wielgoszewski  
<marcinw86 <at> gmail.com> wrote:

> Marcin Wielgoszewski here, the "green consultant" you mentioned but
> chose not to focus on.  I'm not sure what you mean by "green," but
> whatever.  I have just finished my bachelor's degree, have done
> internships with some Fortune-100's and I am constantly doing research
> on my own.  I also make an effort to attend every conference and local
> meet-up.  I have my own blog I started at http://www.tssci-security.com 
> ,
> you can read and learn more about me.
>
> Onto QuietMove and Adam Muntner...  QuietMove was founded by Adam and
> the other two folks you mention.  I have done some part-time work with
> Adam over the past couple months while finishing up my last semester.
> Adam knows this industry inside-out, and one of only several people I
> would say really knows his stuff.  I'm sorry the website doesn't  
> have an
> infosec glossary of terms for you to study for your Security+.  I  
> guess
> looking on LinkedIn and the website passes off as "research" nowadays.
> Couldn't you have at least used Maltego to look deeper into this?  I  
> was
> actually going to make a post about how pathetic the "research" some
> people have tried to pass off lately in security, and no one, except  
> for
> a few have called anyone out on it.
>
> Some security consulting firms you would give a higher score are  
> some of
> the firms we've picked up where traceroute, whois and their nmap
> scanners left off.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

reepex | 1 Jan 19:12 2008
Picon

Re: [Professional IT Security Providers - Exposed] QuietMove ( D - )

On Jan 1, 2008 9:04 AM, Adam Muntner <adam.muntner <at> quietmove.com> wrote:

I hsve been pentesting since 98 and nearly nonstop since 2000.

You cannot spell either and you have been a 'pentester' ... does this mean you ran nessus and other automated testing tools and call yourself a hacker?
 
Sent from my iPhone

Please kill yourself
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
SilentRunner | 1 Jan 19:05 2008

Re: [Professional IT Security Providers - Exposed] QuietMove ( D - )


Adam

I appreciate that you have to defend your firm, but why are you
giving the skiddie the satisfaction of even acknowledging his
existence?

Don't be fooled by the "we", secreview is one person. A kid of
maybe 15 sitting in his room looking for something better to do
besides squeezing spots and masturbating to the demo dollies on the
shopping channel.

Not a single person here has had anything but derision for the
fool's efforts, none of which have added or will ever add anything
useful to the trade. I look forward to the day when he "reviews" a
big firm and they send the lawyers in to hopefully take his parents
(some people shouldn't be allowed to breed) house, and his computer
away.

If he is universally ignored, he will get bored and go away.
Perhaps with luck he will direct his reviewing "talents" to
something useful, like hairdressers, or cosmetics, where simply
reading a website has some relevance to the product, not.

SR

On Tue, 01 Jan 2008 15:04:48 +0000 Adam Muntner
<adam.muntner <at> quietmove.com> wrote:
>Your review gets a d-.
>
>You can't add. You can't spell. Your skills appear to be limited
>to
>rudimentary use of a browser and linkedin.com. In combination with

>
>your undeserved and unearned sense of self importance, pretty
>pathetic.
>
>You spelled Marcin's last name wrong. Great use of linkedin.com.
>You
>can't even cunt n paste. He interned for us last semester. He
>isn't a
>front line consultant. So,you fail the ^c ^v and spelling
>practical,
>as well as the investigative one. We have 2 other consultants
>besides
>myself-they don't use linkedin and you didnt find them. Our
>clients
>know our consultants. We don't post their names on the website.
>
>F is for failure.
>
>As for my experience - I was also a the security officer for an at

>the
>time publicly traded company for 2 years, the IT director of 2
>.com
>startups where security was my responsibility for several years,
>and
>for the last 2 have been deeply involved with all customer
>engagements.
>Prior to that I spent the 90s architecting, developing, and
>leading
>developer teams.
>I hsve been pentesting since 98 and nearly nonstop since 2000. You

>
>were what, 11 years old then? Clearly, basic arithmetic isn't a
>strong
>point of yours, either. I suspect you spent the 90s in grammar
>school.
>At lest you seemed to learn something there.
>
>On that note....
>
>Most of our clients are referred by others who are very satisfied
>with
>the work we perform. Not by the website. It doesn't get a lot of
>attention - were small but growing and focused on serving our
>clients.
>I know basic HTML seems like the pinnacle of achievement to you,
>but
>we aren't in the business of making pretty web pages. We discuss
>our
>methodology with our clients-we don't post it on the web. I know
>you
>were hoping to learn nimething. Hacking for dummies might be more
>your
>speed, after you perfect your Cunt and Paste skills.
>
>I took the plunge and started what is now a growing business
>nearly 2
>years ago, and we now serve 3 fortune 1000 clients, replacing much

>
>larger firms, plus a good number of midsize clients. Being an
>entrepreneur is a lot more challenging than being an anonymous
>anklebite, though from your moms basement it might not seem that
>way.
>
>I'm heading to Manhattan for some R&R right now. If you are in the

>
>vicinity let me know, I'll buy you a beer (if you're 21) and you
>can
>meet me yourself and post a review or somthing.
>
>Don't take this wrong - consider it constructive criticism and try

>
>harder next time. It's good to know we are recognized enough to be

>
>noticed by the mighty, anonymous secreview. This might even double

>our
>daily web traffic to 20 visitors. ;)
>
>Adam Muntner
>Managing Partner
>QuietMove, Inc.
>http://www.quietmove.com
>
>Sent from my iPhone
>
>On Dec 31, 2007, at 4:13 PM, secreview <secreview <at> hushmail.com>
>wrote:
>
>> QuiteMove, located at http://www.quitemove.com is a small
>> Professional IT Security Services Provider that offers Training

>
>> services, Incident Response Services, Web Application Security
>> Services and Penetration Testing Services. QuiteMove was started

>by
>> Adam Munter in 2006 along with Jeffrey Rassas, and James Garvey,

>Jr.
>> You can read their mission statement here
>"http://www.mywikibiz.com/Directory:QuietMove
>> " (but its pretty basic).
>>
>> When reviewing the QuiteMove website and people we were not the

>
>> least bit impressed. The QuiteMove website is packed full of
>> grammatical errors and many of the services don't even have
>> descriptions. The services that do have descriptions are very
>poorly
>> written and very poorly defined. Take a look at their
>Penetration
>> Testing service offering as an example. If you want to see an
>> example of no content check out their Social Engineering
>offering.
>>
>> Since we were unable to extract anything useful from the
>materials
>> provided to us by QuiteMove we decided to focus on the talent
>behind
>> QuietMove. Unfortunately we were equally unimpressed. The only
>> technically oriented team members that we were able to identify

>
>> within QuietMove were Adam Munter, who is a founder and Marcin
>> Wielgoszewsk, who is a very "green" consultant. Seeing as Adam
>> Munter is being positioned as the technical visionary for
>QuietMove,
>> we decided to focus on him and not on Marcin.
>>
>> Adam's Linkedin Bio: http://tinyurl.com/yt9j2y
>>
>> As it turns out Adam Munter worked for Accuvant, a company that

>
>> competes directly with Adam's QuietMove; prior to founding
>> QuietMove. Adam's role at Accuvant was to lead consultants on IT

>
>> Security Engagements for large orginazations. In conjunction
>with
>> this, Adam also spoke at conferences. He worked here for 1 year
>and
>> 1 month.
>>
>> Prior to working for Accuvant, Adam worked for Pegasus Solutions

>
>> Inc. as the acting Chief Security Officer. Pegasus is the
>largest
>> hotel reservation distribution system vendor and a major vendor
>of
>> Hotel Management systems. Adam did get some Sarbanes Oxley work

>
>> under his belt as he helped Pegasus to successfully "marshall"
>> through their first audit. Adam also initiated the program to
>help
>> get Pegasus to be Visa CISP compliant, including evaluating and

>
>> changing their handling of payment Cardholder data. He worked
>here
>> for 2 years and 1 month.
>>
>> From August 2000 to January 2003 Adam was a "Founding member of

>
>> IBM's Ethical Hacking Center of Competency." His
>responsibilities
>> included being a technical interviewer for new hires, a
>Penetration
>> Testing Subject Matter Expert, and the performance of consulting

>
>> engagements for clients ranging from midsize companies and
>> government agencies to the fortune 500. Adam worked for IBM for
>2
>> years and 6 months.
>>
>> So if we add up the relevant experience that Adam has had
>according
>> to his linked in bio we get 1 year and 1 month + 2 years and 6
>> months, which is a grand total of 3 years and 7 months of
>> professional IT Security Consulting Experience. Not sure about
>our
>> readers, but to us at Secreview that hardly makes Adam an IT
>> Security Expert.
>>
>> But wait, now we have a discrepancy...
>>
>> According to the QuietMove website, Adam "has over 14 years of
>> experience in information security, software, and product R&D
>with 8
>> years being dedicated solely to security." His QuietMove bio
>goes on
>> to say "Adam’s particular talents include penetration testing of

>web
>>  and binary applications, networks, systems, and SCADA, “social
>engi
>> neering” and physical penetration of facilities, and in
>developing p
>> rofessional services offerings."
>>
>> This just doesn't add up.
>>
>> Anyway, remember we didn't set out to bash anyone here, but
>Adam/
>> QuietMove put himself/themselves in the line of fire. QuietMove

>
>> appears to be a very small and disorganized shop. Their website
>is
>> half-assed and incomplete and we can't say anything better about

>
>> their talent profile. We suggest that QuietMove complete their
>> website and review their talent profile, then we'll set out to
>do
>> another review and see if they score better. As of right now, we

>
>> can't give them more than a D-. We'll keep an eye on their
>website
>> and redo this review if they ever fix their issues.
>>
>>
>> Score Card (Click to Enlarge)
>>
>> --
>> Posted By secreview to Professional IT Security Providers -
>Exposed
>> at 12/31/2007 11:32:00 AM
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
reepex | 1 Jan 19:33 2008
Picon

Re: [Professional IT Security Providers - Exposed] QuietMove ( D - )

You are worthless.

http://www.tssci-security.com/bookshelf/

Is this list up to date?  It makes it seem as if you are learning basic linux commands, sed, and basic perl. Also why are you reading operating system design and implementation when you do not know C? ( Seeing as C books are in your 'to-read' list ).  Do you understand any of the code in it or do you just pick out buzz words to talk about at your 'local meet-ups'. Why dont you explain the finer points of microkernel design to us? 

You are headed even further down the path of complete lamer seeing as you read books on XSS and all your blog posts revolve around it.

even more lulz in your 'plan to read' containing books on fuzzing, metasploit, and writing rootkits. How can you write rootkits when you do not know C and are learning basic unix commands?... lol

Hopefully one day you realize that you are just another security industry kiddie and have no real knowledge, but probably not. Seeing as you have your 'bachelors' ( lol - has nothing to do with security ) - I am sure you are well on your way to a cissp.

Also for good laugh speople should read:

http://www.tssci-security.com/projects/

how long did it take you to write all 40 lines of your 'labs' code? I shall notify perl underground of your horrendous perl and you shalll be a source of great lulz in their next production.

Just found this: http://www.tssci-security.com/blog/wp-content/uploads/2007/11/mwielgoszewski_resume.pdf So you worked 4 places and did nothing useful. Sounds like SImon may want to hire you. ( Hi simon , are your workers still inadequate and you need more help? )

So basically you have worked 4 jobs, went to a community college that has some sort of security program, you know basic perl and C, do not know how to audit any real programs, and blog about XSS.   Does this summarize you pretty well? 



On Jan 1, 2008 10:57 AM, Marcin Wielgoszewski <marcinw86 <at> gmail.com> wrote:
Marcin Wielgoszewski here, the "green consultant" you mentioned but
chose not to focus on.  I'm not sure what you mean by "green," but
whatever.  I have just finished my bachelor's degree, have done
internships with some Fortune-100's and I am constantly doing research
on my own.  I also make an effort to attend every conference and local
meet-up.  I have my own blog I started at http://www.tssci-security.com,
you can read and learn more about me.

Onto QuietMove and Adam Muntner...  QuietMove was founded by Adam and
the other two folks you mention.  I have done some part-time work with
Adam over the past couple months while finishing up my last semester.
Adam knows this industry inside-out, and one of only several people I
would say really knows his stuff.  I'm sorry the website doesn't have an
infosec glossary of terms for you to study for your Security+.  I guess
looking on LinkedIn and the website passes off as "research" nowadays.
Couldn't you have at least used Maltego to look deeper into this?  I was
actually going to make a post about how pathetic the "research" some
people have tried to pass off lately in security, and no one, except for
a few have called anyone out on it.

Some security consulting firms you would give a higher score are some of
the firms we've picked up where traceroute, whois and their nmap
scanners left off.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
veda | 1 Jan 19:47 2008
Picon

Re: [Professional IT Security Providers - Exposed] QuietMove ( D - )

reepex wrote:
> On Jan 1, 2008 9:04 AM, Adam Muntner <adam.muntner <at> quietmove.com 
> <mailto:adam.muntner <at> quietmove.com>> wrote:
>
>     I hsve been pentesting since 98 and nearly nonstop since 2000.
>
>
> You cannot spell either and you have been a 'pentester' ... does this 
> mean you ran nessus and other automated testing tools and call 
> yourself a hacker?
>  
>
>     Sent from my iPhone
>
Cares?
>
> Please kill yourself
You all need to grow up a bit, and stfu.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Jeffrey Denton | 1 Jan 20:06 2008
Picon

Re: [Professional IT Security Providers - Exposed] QuietMove ( D - )

On Jan 1, 2008 7:33 PM, reepex <reepex <at> gmail.com> wrote:

> http://www.tssci-security.com/bookshelf/
>
> Is this list up to date?  It makes it seem as if you are learning basic
> linux commands, sed, and basic perl. Also why are you reading operating
> system design and implementation when you do not know C? ( Seeing as C books
> are in your 'to-read' list ).

The C programming book listed on the bookshelf has be given a "Not
Recommended" review by the ACCU.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Gmane