Bad Raps for Non-Hacks

Bad Raps for Non-Hacks
Mark Rasch, 2003-06-16

A few odd cases show that you don't have be a digital desparado to be accused of a cybercrime... particularly if you embarrass the wrong bureaucrats.

Expand all | Post comment

the girl next door 2003-06-16
Kees Huyser

Bad Raps for Non-Hacks 2003-06-16
blacklight

Pen-testing own (hosted) domain 2003-06-17
Andy (1 replies)

Pen-testing own (hosted) domain 2003-06-18
Anonymous

Bad Raps for Non-Hacks 2003-06-17
Anonymous (3 replies)

Inadvertent Straying While Pen Testing 2003-06-17
Mark Rasch (1 replies)

Inadvertent Straying While Pen Testing 2003-06-23
Anonymous

Bad Raps for Non-Hacks 2003-06-19
blacklight

Bad Raps for Non-Hacks 2003-06-19
Elc0chin0 (1 replies)

I have a problem with the "get it in writing" people. To me this is as dumb as it gets. Let me ask you one question about Penetration testing then let me give you an analogy.

Does a hacker send you a "letter of intent"?

Analogy:
If you work in a building where physical security is required and all the guards (IDS) watch the front door, you notice a backdoor entry where there are no guards. You walk through the back door without getting caught. Do you not bring this up to the guards because you didn't get it in writing?

Maybe I'm taking away the more anal justification for paperwork but that is a real issue.

You don't ask a guard to protect the facility and not provide them the tools (i.e. GUN). Why would you do the same with a IT Security Professional? (i.e. snifer, scanner, mapping, etc.)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/167/20525#20525

Bad Raps for Non-Hacks 2003-06-23
Ferg (1 replies)

Bad Raps for Non-Hacks 2003-06-24
blacklight

Bad Raps for Non-Hacks 2003-06-18
Elc0chin0

Bad Raps for Non-Hacks 2003-06-20
Hamster1