<snip>

> > My question is this: how do white-hatters usually approach these
> > things?

<snip>

hellNbak answered:

> So let me get this straight. You engaged in completely
> unethical behaviour
> -- offered a free pen-test and now you are mad because you
> were not able to "scare" this guy into buying services from you?

You misunderstand me (perhaps deliberately?). I'm not in the security industry. I was tipped that a local firm had security issues. I have contacts who could provide the security that they need, so I went about bringing the two together. Mr Director agreed to a pen-test on the basis that our degree of success may or may not lead to a sales meeting. This wasn't blackmail, just an honest attempt to show a reluctant (and smug) manager that he was vulnerable. OK, we wasted some time (it seems) - some people just don't want a mirror held up to them.

Miguel's remarks are more useful. I'm interested in the approach to the psychology of this thing: what do you do when you know someone is wrong about his/her security but just refuses to see it? If I'd waited for this guy to approach me I'd have waited all my life. Likewise, if I'd tried to sell him a full pen-test backed up with a complete security report, he'd never have seen the need for it.

Well...any more comments would be interesting.

Pete
This archive was generated by hypermail 2b30 : Fri Jun 20 2003 - 08:16:50 PDT