Which EU hacker/Security Guru would you trust ?

mick.fr

Hi guys,

If somebody could tell you the product X is really secure for several reasons (Covered by examples) who would you trust ?
He/She could be a hacker or a security Guru.

Thanks

Martyr

you mean, don't trust an EU security guru????

mick.fr

Average Joe wrote:

you mean, don't trust an EU security guru????

No I just meant what guy do you know, living in the EU (UK, Germany, whatever...)

WizZard

I generally make my own mind up about such things, but I would take advice from a few people, e.g Joanna Rutkowska.

mick.fr

WizZard wrote:

I generally make my own mind up about such things, but I would take advice from a few people, e.g Joanna Rutkowska.

Did not know her, she looks to have interresting thoughts, positions and skills.
Reading her blog...

Martyr

No I just meant what guy do you know, living in the EU (UK, Germany, whatever...)

i still don't understand your point..that US or Asian or African security gurus are more trustworthy than EU security gurus?
don't see how its relevant where you come from, to be honest.

there are plenty of cunning people who pass themselves off as security gurus and know nothing, and then there are pretty modest but highly skilled people who are considered untrustworthy. and why? because they're not good liars and avoid talking ****e, or because of where they are from.?

and you say you work for the government? heh

EDIT:I might seem harsh, but i find it literally..offensive that you are given the job of securing networks and computers for "really big companies" here in ireland.especially when i can't even get one, except for maybe the local mc donalds

mick.fr

Average Joe wrote:

i still don't understand your point..that US or Asian or African security gurus are more trustworthy than EU security gurus?
don't see how its relevant where you come from, to be honest.

there are plenty of cunning people who pass themselves off as security gurus and know nothing, and then there are pretty modest but highly skilled people who are considered untrustworthy. and why? because they're not good liars and avoid talking ****e, or because of where they are from.?

I do not consider myself being in this category, neither my customers, otherwise I would not have lasted 6 months in business :-) Irish people are not stupid :-)
Anyway to clarify I am not a security expert in term of hacking, doing penetration testing. I do consult on infrastructures, risk management. I am not a hacking tool guru. I do not consider myself as a security expert anyway, I never said that.

Average Joe wrote:

and you say you work for the government? heh

EDIT:I might seem harsh, but i find it literally..offensive that you are given the job of securing networks and computers for "really big companies" here in ireland.especially when i can't even get one, except for maybe the local mc donalds

I have asked about a EU guy because I might organise a security event in Dublin, and getting a guy from Europe might be easier than getting one from the US or Asia (Just an assumption)
I know in UK there are plenty of Security experts, so I was hoping to get some names to see if I could get in touch with them.

No I do not work for the Irish gov, I am a freelance and I have provided services to some Irish gov bodies, and I continue to provide them some sort of technical advices.

Now I do not know why you are offended by the fact I get such jobs and not you, maybe because I am not Irish. What I can say, is that I had to struggle in Ireland to get my chances, much more than any other Irish guy, well I guess.
I had the chance to work for some names, reason why today it is easier for me.
That was the same for me back in France, once I had worked for some names, everything went much easier.

I think this is the same everywhere. Plus the experience I have acquired in France, helped me to step way in front of other candidates, Irish, Polish, Finnish, whatever citizenship they were.

You know companies, Irish or any other, don't care about your citizenship, like colors, as soon as you are skilled and have the experience they need, they will hire you. Companies have priorities, they are here to make business, they are skilled people all over the world, if for a specific job they can not find an Irish guy, they will take a foreigner. There is no preference, nowadays, citizenship does not mean anything, just a passport.

Now I am really good at CVs, I changed it and it helped me a lot to get interviews straight away.
I would be more than happy to give you my CV, or discuss your current CV, drop me a PM, feel free honestly, that would be a pleasure to help you out.

Martyr

mick.fr wrote:

I have asked about a EU guy because I might organise a security event in Dublin, and getting a guy from Europe might be easier than getting one from the US or Asia (Just an assumption)
I know in UK there are plenty of Security experts, so I was hoping to get some names to see if I could get in touch with them.

are you saying that after asking this EU guy, you don't trust him?
specialising in what topics?
i know a professional doctor who was once regarded as one of the best software crackers in the world at one time, don't believe me?

there are alot more people researching security that don't appear in the limelight, compared to those who do.

like, this lady here was voted young woman engineer in the UK,(but she is from orginially from the republic of ireland) based in belfast..very interesting work, especially on RFID security. (attended a seminar by her) have you heard of her? i hadn't a clue until recently..

Now I do not know why you are offended by the fact I get such jobs and not you, maybe because I am not Irish. What I can say, is that I had to struggle in Ireland to get my chances, much more than any other Irish guy, well I guess.
I had the chance to work for some names, reason why today it is easier for me.
That was the same for me back in France, once I had worked for some names, everything went much easier.

i was just joking about being offended, but you strike me as a cocky kind of person.

mick.fr

Average Joe wrote:

are you saying that after asking this EU guy, you don't trust him?
specialising in what topics?

As I said I want to organize a security event and invite a security guru to corroborate that the product I will be presenting is really secure and reliable. Reason why I have asked for some names.

Average Joe wrote:

..very interesting work, especially on RFID security. (attended a seminar by her) have you heard of her? i hadn't a clue until recently..

No I don't know her, I am sure she has some interesting theories.

Average Joe wrote:

i was just joking about being offended, but you strike me as a cocky kind of person.

Ok sorry misunderstood you then.

Martyr

mick.fr wrote:

No I don't know her, I am sure she has some interesting theories.

she has already designed with some other people, an RFID capable of public key authentication..was impressive work.(which apparently will prevent cloning attacks)

As I said I want to organize a security event and invite a security guru to corroborate that the product I will be presenting is really secure and reliable. Reason why I have asked for some names.

so what is your application?
if you really believe its secure, then simply release it to the masses, and i'm sure plenty of people will have a stab at breaking it.
no point in having 1 or 2 people review it, expecting them to know everything.

there is good team below if you want to contact them, i would recommend them..very good RE skills.

http://www.rolfrolles.info/

if its a windows application, try skywing or alex ionescu
if its cracking protections..PM me, i'm not a cracker, but i know some good people.

ecksor

I think you've asked for two slightly different things on this thread. Product assurance and tools development aren't orthogonal, but they're still different.

As I said I want to organize a security event and invite a security guru to corroborate that the product I will be presenting is really secure and reliable. Reason why I have asked for some names.

This sounds like a marketing exercise more than a QA exercise or conference style presentation.

crashedmind

invite a security guru to corroborate that the product I will be presenting is really secure and reliable.

I don't think you'll find many security gurus willing to stake their reputation on the security of your product. I agree with other comments - it sounds like you need a marketing resource instead.

It's not clear what your product is - is it software only, or is it hardware and software?

If h/w+s/w you can pay for an independent security assessment from a knowledgeable/reputable source like:

1. certification/evaluation labs: TSystems, TNO, InfoGard, ....
2. Independent consultants: Ross Anderson, Markus Kuhn, ....

But I wouldn't go near these guys until you know more yourself....
Whatever, your security product is, see if there are any standard certifications/evaluations that apply e.g. Common Criteria.


It sounds like the best use for a security guru would be to advise you on the approach to take rather than endorse your poduct. To do that they need to know the details of your product.

Apologies if my comments are unfounded but you don't supply much info to go on...