Updated 05/16/2008 2:00 p.m. CST: I officially have my first customer for the "Nate McFeters Safe" certification, and Jeremiah Grossman and I have signed up another member for Scanless PCI, as noted security researcher Russ McRee has purchased our certifications; see http://holisticinfosec.blogspot.com.
God is good and created YouTube for laughs and giggles on Friday, and I couldn't help myself at taking a good chuckle at this. I saw this YouTube video posting, which is an episode of "Web Marketing Watch" with Sage Lewis, who interviews Cresta Pillsbury of ScanAlert, which has since been purchased by McAfee. At about 1:19 in, the shit literally hits the fan (sorry for my language, but I'm still mortified by this video). Here's the exchange:
Sage Lewis: And when you are talking about security, what exactly are you referring to?
Cresta Pillsbury: Um... we go in like a super hacker...
If you could've been a fly on the wall there, you wouldn't have believed she said that, but there it is, live like Memorex. ScanAlert... goes in... like a super hacker. Like a SUPER HACKER?!
Yes, that's right... their tool that scans for XSS and SQL Injection, as well as common configuration/patching issues, then THROWS OUT THE XSS FLAWS OR MISSES THEM ENTIRELY, goes in like a SUPER HACKER, and "hacks" your network/application. Then you get a sweet badge to put on your site for marketing purposes.
Forget all of that, I've got a better solution to all of this, it's called the "Nate McFeters Safe" certification, and it's a badge that you can put on your site for just $1.95 per site per day, a pittance compared to the cost of Hacker Safe, and I will do absolutely nothing to secure your site EXCEPT:
1.) Promise not to hack your site
You get all the PR bonus of getting to put this sexy logo on your site (image courtesy of Russ McRee and Holistic InfoSec Enterprises, Ltd.):
Plus, you will be just as secure from cross-site scripting attacks as you would if you spent way more for the HackerSafe logo! Best of all, I'll never revoke my logo for anything, because even if you do get hacked, that logo ensures that it wasn't by me! -Nate
P.S., look out in first quarter of 2009, Jeremiah Grossman and I will be teaming up to create the "Nate/JG Scanless PCI Certification" and the "Jeremiah Grossman Safe From Brazilian Jiu-Jitsu Attack Certification". Sexy logos are in development.