On Aug 21, 2012, Dan Vrebalovich of CORE Security sent out a large batch of unsolicted mail pitching CORE's Insight product. The mails were sent out to customers of Tenable's Nessus vulnerability scanner, and the mail pitched Insight as a way to leverage Nessus scan results. Initially, it appeared to be cross-company promotion from both CORE and Tenable. However, after subsequent research it was determined that CORE purchased a list of Nessus customers from a spam outfit that sells targeted lists.
Once Tenable found out, they were not pleased and contacted both CORE and Marketo, the company CORE used to send the mails through. CORE's use of a purchased list violates Marketo's rules for use, in addition to the obviously unethical activity of spamming to sell a product. Mails to CORE and Dan Vrebalovich were not answered regarding this situation, even when asked in the context of it appearing on Errata. Tweets to @CoreSecurity also went unanswered.
From: Dan Vrebalovich (dvrebalovich@coresecurity.com) To: [redacted] Date: Tue, 21 Aug 2012 17:00:50 +0000 Subject: CORE Security's Integration Options with Nessus As a Nessus customer, we know that although you are producing valuable vulnerability data, the volumes of information from your scan is difficult to sort through and prioritize. Many organizations like yours have discovered that taking a proactive approach to vulnerability management makes it possible for security teams to eliminate data overload and gain actionable information necessary to improve security, optimize budgets and increase efficiency. By leveraging CORE Insight's integration options with Nessus, organizations can unify and streamline network vulnerability management initiatives by aggregating security data from every corner of your organization, adding predictive security intelligence to identify critical exposures and associated business risks, and effectively communicate their implications to the line of business. For further information on how CORE Insight can help you streamline the results received from your current Nessus scans, here is an overview of how the two products work together to give you an automated process for continuous vulnerability management. Additionally, if you would like to speak directly about how CORE can help with your current security efforts please reach me at 310-462-6600. I look forward to exploring how CORE?s integration with Nessus could be beneficial to your organization. Regards, Dan (http://ws.coresecurity.com/rs/coresecurity/images/core%20logo.bmp) Dan Vrebalovich | Field Sales Manager Core Security | 41 Farnsworth Street | Boston, MA 02210 | USA direct: 310-462-6600 | fax: 617.399.6987 dvrebalovich@coresecurity.com | www.coresecurity.com (link tracking URL) Read: Blog (link tracking URL) Follow: Twitter (link tracking URL) Like: Facebook (link tracking URL) Network: LinkedIn (link tracking URL) If you no longer wish to receive these emails, click on the following link: Unsubscribe (URL)