|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
RE: "Free" pen-test
Date: Fri Jun 20 2003 - 04:31:29 EDT
<snip>
> > My question is this: how do white-hatters usually approach these
> > things?
<snip>
hellNbak answered:
> So let me get this straight. You engaged in completey
> unethical behaviour
> -- offered a free pen-test and now you are mad because you
> were not able to "scare" this guy into buying services from you?
You misunderstand me (perhaps deliberately?). I'm not in the security industry. I was tipped that a local firm had security issues. I have contacts who could provide the security that they need, so I went about bringing the two together. Mr Director agreed to a pen-test on the basis that our degree of success may or may not lead to a sales meeting. This wasn't blackmail, just an honest attempt to show a reluctant (and smug) manager that he was vulnerable. OK, we wasted some time (it seems) - some people just don't want a mirror held up to them.
Miguel's remarks are more useful. I'm interested in the approach to the psychology of this thing: what do you do when you know someone is wrong about his/her security but just refuses to see it? If I'd waited for this guy to approach me I'd have waited all my life. Likewise, if I'd tried to sell him a full pen-test backed up with a complete security report, he'd never have seen the need for it.
Well...any more comments would be interesting.
Pete
Latest attack techniques.
You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group.
Visit us at: www.coresecurity.com/promos/sf_ept1 or call 617-399-6980
Received on Fri Jun 20 11:29:45 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:38 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |