Well, not really… Yet.
Look, it is just inevitable. At some point PDC is going to get hacked in some fashion or another. We at PDC watched what happened to the fine folks at Offensive Security, HBGary and LIGATT and thought to ourselves, “Damn! Some (not all) of those organizations are way smarter than we are and they got compromised.” So we have decided to create the following form letter before a compromise happens just to cover our bases.
Because, as many of you know, it is not a matter of “if”; it is a matter of “when.” We just hope that it is not something really dumb, like a default password or a missing OS patch. But, as you all know, stuff happens.
All the intern needs to do is choose the proper options in the brackets. We figure this just makes the whole process more streamlined.
Dear [Sir, Madam or name with numbers AND l3tt3rs!!],
It came to our attention yesterday that your fine hacking [establishment, club, crew, harem and/or cabal] was able to successfully compromise one of the PaulDotCom servers. Well done! Once we sobered up enough to realize the server was compromised we [gave up drinking, hit the "off" button, went to the cigar bar or drank ourselves into oblivion] and left it to the intern to fix the server.
While your kudos as an l33t hax0r organization are well deserved we would like to ask you a simple favor. A small request from the “l@m3rs” you just “p0wn3d”. Please, look towards using your skills for the purposes of good and not evil.
You may disagree with our views on [full disclosure, responsible disclosure, no disclosure, mo disclosure, beer, cigars, pen testing, security, being sellouts, not selling out enough, eating meat, an unholy love of wireless access points and/or animal husbandry]; however, there are some massive issues that the industry as a whole needs to address quickly. I feel that, even though we may disagree on a point or two, we can agree that things are not going in the right direction.
It is the simple objective of PaulDotCom Security Weekly to help people secure their systems. The reason we do this is because we fundamentally believe that if people do not secure their data then someone else is going to step in and do it for them. We do not like the idea of mandated, compliance-based security. We do not like the idea of an Internet where all usage is tracked, and heavily regulated. The only way we know to stop these things from happening is by trying to make people aware of the risks they face and the tools they have to mitigate those risks.
This podcast is our way of giving back and trying to make it better. It is also an excuse to get together, drink beer of varying quality and talk security every week. If you disagree with us on a point or two we extend the offer for you to come on the show and express your point of view. We would also like to request that you tell us what, exactly, it is you disagree with us about… Preferably with color and monosyllabic words. Because in all honesty, we don’t know what the hell we stand for half the time.
We will hold true to the tradition started by Dan Kaminsky and others and offer you a beer at the next con. After all, small penetration tests can go for more than $10K so it is the least we can do.
Paul promises that he will not cock punch you on sight….
Love and kisses,
PaulDotCom Security Weekly
There, that should cover it. Now we simply sit on this and wait.