Acunetix SiteAudit: The preferred website security auditing service of lesbians, ninjas, and farm animals

I don't really mind most spam that much since my gauntlet of spam filters keeps almost all of it out of my inbox, but one type of spam that often slips past my filters and bugs the crap out of me is unsolicited press releases from people who want me to talk about their company on my website.

Invariably, these press releases are prefaced by a short introduction from some publicity person saying that they've sent it to me because they're sure my readers are just dying to hear about whatever product or service their company is selling. The ridiculous thing is that these people have gone to the trouble of obtaining my email address and addressing the email to me personally, but they apparently haven't bothered actually looking at my website, or they'd know that it's a personal blog and that I don't post press releases, nor are most of my readers the least bit interested in the products and services these companies are usually selling.

Occasionally, if I'm bored, I'll actually respond to these mailings and see how long I can string someone along with feigned interest before they actually look at my website and realize they've made a mistake. My URL is included in my email signature and I'm practically inviting them to click on it and check me out, but they never do.

A few days ago I received the following email:

From: Acunetix <bounces@acunetix.com>
Reply-To: Tamara <tamara@acunetix.com>
To: Ryan <ryan@wonko.com>
Date: 1/10/2007 1:09 AM
Subject: Acunetix offers free web audit to Universities

Hi Ryan,

I am contacting you following the much publicized surge in hacking attacks aimed towards Universities, in particular, UCLA when last December 800,000 records were reported hacked.

We are offering Universities and Not-for-profit organizations the possibility of having their website audited at no cost.

I am pasting a copy of our press release below for more information about our offer. We'd be grateful if you would include this news in your publication / site.

Please contact me if you would like further information - we would also be very interested in organizing an interview with our Sales VP. I think your audience would be very interested to hear about the latest developments in web application security.

Thanks and regards,

Tamara Borg
(www.acunetix.com)

[press release]

I felt slightly less animosity towards this Tamara Borg person than I do towards most senders of press releases, since I do occasionally discuss web application security on this blog. However, anyone paying attention can easily tell that this is a personal blog and that I don't post press releases or interviews with Sales VPs. I wondered how long I could string her along before she figured this out. So I replied:

From: Ryan Grove <ryan@wonko.com>
To: Tamara <tamara@acunetix.com>
Date: 1/10/2007 11:49 AM
Subject: Re: Acunetix offers free web audit to Universities

Hi Tamara,

I'd love to conduct an email or IM interview with your Sales VP. I think my readers would find it quite interesting. Can we set that up?

--
Ryan Grove
ryan@wonko.com
http://wonko.com/

I was sure she'd at least look at the website or google my name to check my credentials or something before letting me interview the VP of Sales, but to my surprise, I received the following response a day later:

From: Tamara Borg <tamara@acunetix.com>
To: Ryan Grove <ryan@wonko.com>
Cc: Kevin Vella <kjv@acunetix.com>
Date: 1/11/2007 12:07 AM
Subject: Re: Acunetix offers free web audit to Universities

Hi Ryan

That's great! Thanks for the interest in Acunetix.

Where are you located and what day works best for you? The interview would ideally be conducted in the morning due to time difference, as our Sales VP, Mr. Kevin J. Vella, who I am ccing, is based at our Malta office (Europe).

I look forward to hearing from you.

Kind regards
Tamara

Tamara Borg
Acunetix Ltd – www.acunetix.com
Web Application Security Software

She was pressing for a phone interview, but I knew there was no way I could keep from laughing and totally giving myself away on the phone. So I decided to cut to the chase:

From: Ryan Grove <ryan@wonko.com>
To: Tamara Borg <tamara@acunetix.com>
Cc: Kevin Vella <kjv@acunetix.com>
Date: 1/11/2007 10:05 AM
Subject: Re: Acunetix offers free web audit to Universities

Hi Kevin & Tamara,

I've only got a few questions, so we might as well just do this via email to avoid all the hassle of dealing with time differences and scheduling phone calls and whatnot. My questions for Mr. Vella are enclosed. Please feel free to respond at your leisure. Thanks!

Q: First off, can you give us a brief description of what the Acunetix SiteAudit service is?

Q: What do you see as the biggest security threat facing the industry today?

Q: One major threat facing our readers today is SQL injection. Many of our readers have been injecting SQL for years, sometimes with shared needles. What advice do you have for those who are suffering from frequent SQL injections and are having trouble stopping?

Q: As you know, the primary demographics of wonko.com are lesbians, ninjas, and farm animals. How will the Acunetix SiteAudit service help our readers ensure that their critical websites and customer data are safe from hackers?

Q: Given the propensity of ninjas to mount direct physical attacks on critical network infrastructure rather than using software-based techniques, does the Acunetix SiteAudit service take into account the risk of a full-on ninja assault?

Q: What are your thoughts on the effectiveness of unsolicited email as a marketing tool?

Q: Thank you very much for your time, Mr. Vella.

--
Ryan Grove
ryan@wonko.com
http://wonko.com/

I was hoping that he'd respond to the first two questions, be a little puzzled by the third but chalk it up to me being dumb, and then finally realize his mistake by the fourth or fifth question. I figured at that point he'd make an angry phone call or something and someone would get yelled at, and I'd never hear from Acunetix again.

Unfortunately (because it makes him look like less of a villain), Mr. Vella seems to have had a sense of humor about it. He sent this response:

From: Kevin J. Vella <kjv@acunetix.com>
To: Ryan Grove <ryan@wonko.com>, Tamara Borg <tamara@acunetix.com>
Date: 1/12/2007 12:10 AM
Subject: RE: Acunetix offers free web audit to Universities

Hi Ryan,
I liked the SQL Injection one!!! Hilarious! I know quite a few pigs and goats that while their time away hacking websites ;-)

Kevin

Kevin J. Vella
VP Sales and Operations
Acunetix Limited
email: kjv@acunetix.com
skype: kjamesv
Direct: +356 2316 8126
Tel: +356 2316 8000
Fax: +356 2316 8001
Web: http://www.acunetix.com
Web: http://www.acunetix.de

Is your web site hackable? Check with Acunetix Web Vulnerability Scanner

Damn. These things are so much less rewarding when the spammer has a sense of humor.