RE: "Free" pen-test

From: Pete
Date: 06/20/03

    Date: Fri, 20 Jun 2003 09:31:29 +0100


    > > My question is this: how do white-hatters usually approach these
    > > things?


    hellNbak answered:

    > So let me get this straight. You engaged in completely
    > unethical behaviour -- offered a free pen-test and now you are
    > mad because you were not able to "scare" this guy into buying
    > services from you?

    You misunderstand me (perhaps deliberately?). I'm not in the security
    industry. I was tipped that a local firm had security issues. I have
    contacts who could provide the security that they need, so I went about
    bringing the two together. Mr Director agreed to a pen-test on the basis
    that our degree of success may or may not lead to a sales meeting. This
    wasn't blackmail, just an honest attempt to show a reluctant (and smug)
    manager that he was vulnerable. OK, we wasted some time (it seems) -
    some people just don't want a mirror held up to them.

    Miguel's remarks are more useful. I'm interested in the approach to the
    psychology of this thing: what do you do when you know someone is wrong
    about his/her security but just refuses to see it? If I'd waited for
    this guy to approach me I'd have waited all my life. Likewise, if I'd
    tried to sell him a full pen-test backed up with a complete security
    report, he'd never have seen the need for it.

    Well...any more comments would be interesting.

