Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
On Mon, 09 Jan 2012 20:00:11 +0100, "J. von Balzac" said:

> Valdis, you make me curious - how do you know that most are kids, and
> script kiddies?

Note that it wasn't me who suggested hiring script kiddies to do pen tests. I
was pointing out why it wouldn't work.

> Isn't it more likely that the people who massively pwned Stratfor are
> indeed mature and serious?

If they're mature, serious, and pwning machines like that, they're heavy-duty
black hats (pretty much by definition). What are the chances they'll want to
take a consulting gig doing a pen test (which would require that they come out of
hiding)?

Yes, there are a few people working both sides of the fence. *VERY* few, and
certainly not enough to make it feasible in general to hire one to do your
pentests. And again, there's that whole "Do you really want to hire a known
black hat?" issue to work around.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/