RE: "Free" pen-test

From: Pete (pen_test_list_at_petesmithcomputers.com)
Date: 06/20/03

  • Next message: J.A. Terranson: "RE: "Free" pen-test"
    To: <pen-test@securityfocus.com>
    Date: Fri, 20 Jun 2003 09:31:29 +0100
    
    

    <snip>

    > > My question is this: how do white-hatters usually approach these
    > > things?

    <snip>

    hellNbak answered:

    > So let me get this straight. You engaged in completely unethical
    > behaviour -- offered a free pen-test and now you are mad because you
    > were not able to "scare" this guy into buying services from you?

    You misunderstand me (perhaps deliberately?). I'm not in the security
    industry. I was tipped that a local firm had security issues. I have
    contacts who could provide the security that they need, so I went about
    bringing the two together. Mr Director agreed to a pen-test on the basis
    that our degree of success may or may not lead to a sales meeting. This
    wasn't blackmail, just an honest attempt to show a reluctant (and smug)
    manager that he was vulnerable. OK, we wasted some time (it seems) -
    some people just don't want a mirror held up to them.

    Miguel's remarks are more useful. I'm interested in the approach to the
    psychology of this thing: what do you do when you know someone is wrong
    about his/her security but just refuses to see it? If I'd waited for
    this guy to approach me I'd have waited all my life. Likewise, if I'd
    tried to sell him a full pen-test backed up with a complete security
    report, he'd never have seen the need for it.

    Well...any more comments would be interesting.

    Pete


