Accipiter.org Comment System - (v2.6)


June 29, 2010

In the same spirit as Attrition's reporting of various strange idiosyncrasies surrounding Ligatt Security, I've taken some time to do a little digging myself. I can't put my finger on why this particular Gregory Evans charlatan has caught my interest, but the stuff we keep digging up certainly makes for interesting reading.

After my last post, I emailed Attrition about the things I managed to find (and jericho was kind enough to respond), and since then Attrition has added more information to their page on Evans. I've since found some more interesting tidbits, so I figured I'd post about it. I've also shared this info with the guys at Attrition.

Supposedly acquired in March of 2009, Ligatt's "National Cyber Security" website appears to be completely gone, instead redirecting to some kind of foreign investing robot scam site. This isn't really a surprise, considering it was recently discovered that the content was plagiarized. They even went as far as faking photos of the authors.

Next we have their online store, which Ligatt (and Ligatt alone) recognizes as an "Overnight International Sensation". The quality of the store is reflected in the awful grammar in the press release: "I told them it was not for sell, they suggested to me we should start a line for the computer community, and after showing a significant amount of sales, come talk to them." With a visual design quality reminiscent of someone who just discovered FrontPage 97, the store not only sports a series of "look at me I'm an asshole" t-shirts, but their business model seems to be based on "buy stuff online and resell it at a markup." Now I understand that all retail pretty much boils down to this concept, but when a software developer makes a product and sells it online, making an online store selling the exact same thing for $40 more is not a successful business model.

Aside from the pitiful product catalog, the site itself is a technical and security joke. First, let's take a look at their SSL certificate:

Issued To: localhost.localdomain, SomeOrganizationalUnit (root@localhost.localdomain), SomeOrganization, SomeCity, SomeState
Issued By: localhost.localdomain, SomeOrganizationalUnit (root@localhost.localdomain), SomeOrganization, SomeCity, SomeState
Expires: Oct 20 17:25:26 2009 GMT

Not the most comforting set of variables for an online store. It gets better when you find out that they're vulnerable to the TLS renegotiation attack, too.
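The problems visible in the certificate fields above can be checked mechanically. The following is an added example, not code from the original post: it audits a certificate dict in the shape Python's ssl.SSLSocket.getpeercert() returns. The sample is constructed from the quoted fields (the attribute-name mapping is assumed), and the hostname store.example and the placeholder list are hypothetical.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample: the fields quoted above, arranged in the dict shape of
# ssl.SSLSocket.getpeercert(). The attribute-name mapping is an assumption.
_NAME = tuple(((k, v),) for k, v in (
    ("stateOrProvinceName", "SomeState"),
    ("localityName", "SomeCity"),
    ("organizationName", "SomeOrganization"),
    ("organizationalUnitName", "SomeOrganizationalUnit"),
    ("commonName", "localhost.localdomain"),
    ("emailAddress", "root@localhost.localdomain"),
))
SAMPLE_CERT = {"subject": _NAME, "issuer": _NAME,
               "notAfter": "Oct 20 17:25:26 2009 GMT"}
PLACEHOLDERS = ("localhost", "someorganization", "somecity", "somestate")  # assumed


def flatten(name):
    """Turn the nested RDN tuples into a flat list of (attribute, value) pairs."""
    return [pair for rdn in name for pair in rdn]


def audit_cert(cert, hostname, now):
    """Return findings for a certificate dict, judged at `now` (epoch seconds)."""
    findings = []
    subject, issuer = flatten(cert["subject"]), flatten(cert["issuer"])
    if subject == issuer:
        findings.append("self-issued: subject and issuer are identical")
    hits = sorted({v for _, v in subject
                   if any(p in v.lower() for p in PLACEHOLDERS)})
    if hits:
        findings.append("placeholder values: " + ", ".join(hits))
    names = [v for k, v in subject if k == "commonName"]
    names += [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if hostname.lower() not in (n.lower() for n in names):
        findings.append(f"name mismatch: certificate does not cover {hostname}")
    expiry = ssl.cert_time_to_seconds(cert["notAfter"])
    if now > expiry:
        days = int((now - expiry) // 86400)
        findings.append(f"expired {days} full days before the check time")
    return findings


if __name__ == "__main__":
    post_date = datetime(2010, 6, 29, tzinfo=timezone.utc).timestamp()
    for line in audit_cert(SAMPLE_CERT, "store.example", post_date):
        print("-", line)
```

Matching subject and issuer only shows the certificate is self-issued; it says nothing about the signature itself, which a full chain validation would cover.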

Basically, there's a reason that Ligatt Security, Gregory Evans, and everything associated with them have no legitimate security industry credentials. They're either constructed by misleading statements, based on fabricated organizations, or just outright lies. Evans has so far lied about being a CISSP, CISA/CISM, CFE, and a PI.

It's not a stretch that he would also lie about knowing anything related to security. Hence, Ligatt Security was born.

(14:40)
