>I think this is one of the dumbest things I ever read on Security Focus...

Well, just listen to that objectivism!

Frankly, I can think of many better ways to "cover" myself than by calling attention to my actions with a detailed written confession. This student was clearly not as stupid as you seem to think he was. I'd like to see you try and fix the security holes he found, without referencing his report.

>That to me is more likely than someone breaking in as a "Good Samaritan" without prior approval to run the test.

Then you don't follow the news much. Or know much about computer security at all, for that matter. Otherwise, you'd know that this is an extremely common occurrence.

>... get permission to run the pen test.

Did you read the article? How likely do you think this university would be to give someone like him, permission to "test" their security? Why don't you try asking at *your* local university, and see what they say? I'll be happy to visit you in jail.

>Why anyone would be that bored to want to improve the security of "Company X" is beyond me.

Like I said earlier, this shows your complete ignorance as far as security is concerned. Let me recommend a (couple of) good links to help get this concept within your reach.

http://www.chicagocon.com/
http://en.wikipedia.org/wiki/White_hat
https://www.defcon.org/html/links/dc-faq/dc-faq.html
http://www.eccouncil.org/ceh.htm
http://www.eff.org/
http://www.ethicalhacker.net/
http://www.infosecinstitute.com/
http://www.darknet.org.uk/

For further reading, type the words "ethical hacking" into Google. Happy hacking!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/481/35176#35176