Bugtraq mailing list archives
Re: Vulnerabilites in new laws on computer hacking
From: ArkanoiD <ark () eltex net>
Date: Fri, 17 Feb 2006 14:28:29 +0300
nuqneH,

I'd even say, if you hire someone whose security knowledge is based solely on breaking into systems, this guy will not be able to produce valuable reports for customers because his viewpoint is likely to be flawed; his knowledge of protecting systems usually falls into the "patch-this-hole" pattern, not risk assessment and secure design. Not always (well, I myself was a very bad guy years ago), but I think it is the main reason for big IT security companies' policy of "we do not hire hackers" - not because you cannot trust them - that is not true, they often have a kind of ethics of their own, strong enough - but just because they are almost useless. There are exceptions, sure.

On Thu, Feb 16, 2006 at 08:54:51AM +1100, Craig Wright wrote:
> "If you hire someone that has never broken into a system, this guy will not be able to produce valuable reports for customers because he will not be able to find vulnerabilities that can't be found running a scanner."
>
> The quote above is wrong. Empirically and categorically wrong. This is a case of blind assertion with no proof, let alone evidence. Let's look at things a little scientifically. For all you hope to demonstrate with this style of pen. test you are only as effective at best as a poorly run hands on vulnerability based risk assessment.