PaulDotCom mailing list archives
party trick to shut up the non-believers
From: only.samurai at gmail.com (Andrew Ellis)
Date: Mon, 3 May 2010 14:55:02 -0500
A trick I've used for a while is keeping a protected email spoofing form on my web server. That way when I'm asked to "demo" my skills, I can simply send the person an email from theirself or the like. This has the advantage of looking pretty cool to laymen and, as far as I know, isn't illegal. It's definitely not a "1337 hack" but it's a nice way to show the types of things that can be done without getting in too much trouble. -Andrew On 5/3/10, Chris Clymer <cclymer at gmail.com> wrote:
Rather than a live demo, better tactic might be telling a story about a vulnerability in joe sixpack terms. The pizza coupon thing (dominos?) a few months back is a good example. I see a lot of downsides to letting folks at a party pressure you into a live demo. You are basically allowing strangers to SE you. If you show a successful demo, you just know the next question will come: so can you hack into so-and-so's facebook account? ;) When you consider the potential for demo fail too, this is really a lose/lose situation :( ------------------------- securityjustice.com | chrisclymer.com On May 3, 2010, at 11:54 AM, Robin Wood <robin at digininja.org> wrote:Hi At a party the other day I was asked the normal question of what do I do for a living. I said security and kept it a bit vague but was pressed so explained what pen-testing is and roughly what I do. I then got the challenge, prove it, prove you can hack a company. People would say to a dentist, prove you can do a filling but this person insisted they wanted a demo. I explained the legalities and finally fobbed them off and got away but it got me thinking, has anyone got any good party tricks that they can pull in this kind of situation that give an instant wow but are easy to do and legal? Not quite legal but I was thinking if I knew any big sites with XSS I could rewrite but none came to mind at that time. Robin _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- Andrew http://blog.psych0tik.net
Current thread:
- party trick to shut up the non-believers Robin Wood (May 03)
- party trick to shut up the non-believers Ron Gula (May 03)
- party trick to shut up the non-believers Robert Portvliet (May 03)
- party trick to shut up the non-believers Chris Clymer (May 03)
- party trick to shut up the non-believers Andrew Ellis (May 03)
- party trick to shut up the non-believers Robin Wood (May 03)
- party trick to shut up the non-believers Tim Krabec (May 03)
- party trick to shut up the non-believers Michael Douglas (May 03)
- party trick to shut up the non-believers Michael McGrew (May 03)
- party trick to shut up the non-believers Chris Clymer (May 04)
- party trick to shut up the non-believers Larry Pesce (May 04)
- party trick to shut up the non-believers Robin Wood (May 04)
- party trick to shut up the non-believers Chris Blazek (May 04)
- party trick to shut up the non-believers Mike Patterson (May 04)
- party trick to shut up the non-believers Craig Freyman (May 04)
- party trick to shut up the non-believers Andrew Ellis (May 03)
- party trick to shut up the non-believers Ron Gula (May 03)