[Dailydave] Craziest Spam
Thomas Ptacek
tqbf at matasano.com
Sat Sep 8 13:47:03 EDT 2007
It's funny that they segmented out "Reverse Code Engineer" and "Binary
Vulnerability Auditor". I also feel like "RCE" is kind of the
inside-baseball term for reverse engineering; did someone we all know
help them?
On 9/7/07, Halvar Flake <halvar at gmx.de> wrote:
> Hey all,
>
> I just received what I perceive is the craziest spam ever. I might be unjust
> (and these
> things might have merit), but the idea of
> having ISO certifications for reverse engineering and exploit development
> cracks me up.
>
> What ARE the relevant standards, procedures and methods of RCE ?
>
> The way I view it RCE/VulnDev are not really standards, procedures, methods
> based -- in
> the same manner that math isn't. But I might be wrong. Either way, I find
> this mail
> hilarious.
>
> Names have been changed to protect the guilty.
> =====================================================================
> Visit our new IT security certification programme at http://www.IRRE.org.
>
> The fundamental objective of the IRRE certification programme is to raise
> qualification as
> part of business excellence. IRRE certification aims to facilitate
> iterative-incremental
> qualification and the dissemination of good practice.
>
> The IRRE certified credential is a key differentiator in the selection
> process for analyst positions,
> new assignments of the professional expertise and knowledge within the
> software security profession!
> If you plan to build up a career in IT one of today's most visible
> professions and you have at
> least 2 years of experience in the IT sector then an IRRE certification
> should be your next career goal.
>
> (*** SNIP ***)
>
> IRRE Certified Reverse Code Engineering Professional
> Based on a famous decoration, the IRRE Certified Reverse Code Engineer
> provides with a high
> sophisticated certification trail an ultimate way to show your proven
> excellence in the field of IT-Security
> and IT-Anti-Security according to ISO/IEC 17024 to address the many
> challenges of software protection,
> malware, or exploitation analysis. Participants get trained with relevant
> standards, procedures, and methods
> of Reverse Code Engineering and get trained with high practical background.
> With certification participants are
> able to fulfil extensive binary security analysis and binary auditing
> processes on software systems and software
> security environments.
>
> (*** SNIP ***)
>
> IRRE Certified Binary Vulnerability Auditor Linux
> Normally a single exploit can only take advantage of specific software
> vulnerability. Often, when an exploit is
> published, the vulnerability is fixed through a patch and the exploit
> becomes obsolete for newer versions of the
> software. This is the reason why some black hat hackers do not publish their
> exploits but keep them private
> to themselves or other malicious crackers. Such exploits are referred to as
> 'zero day exploits' and to obtain
> access to such exploits is the primary desire of unskilled malicious
> attackers, often nicknamed script kiddies.
> Participants get trained with relevant standards, procedures, and methods of
> developing exploits and shell
> codes and get trained with high practical background. With certification
> participants are able to fulfil extensive
> binary security analysis and binary auditing processes on software systems
> and software security environments.
>
> =====================================================================
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
--
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
More information about the Dailydave
mailing list