PaulDotCom mailing list archives

party trick to shut up the non-believers


From: mike at snowcrash.ca (Mike Patterson)
Date: Mon, 03 May 2010 16:24:30 -0400

On 2010/05/03 11:54 AM, Robin Wood wrote:
> At a party the other day I was asked the normal question of what do I
> do for a living. I said security and kept it a bit vague but was
> pressed so explained what pen-testing is and roughly what I do. I then
> got the challenge, prove it, prove you can hack a company.

Holy crap, what kind of parties do you go to?  That's an ignorant
challenge from an idiot, and in your place I'd have felt perfectly
comfortable saying that, only with (lots) more cusswords.

> anyone got any good party tricks that they can pull in this kind of
> situation that give an instant wow but are easy to do and legal? Not
> quite legal but I was thinking if I knew any big sites with XSS I
> could rewrite but none came to mind at that time.

Carry around a copy of DVL with you?  Somebody so idiotic as to think
they can challenge you like that wouldn't recognise if it was a "real"
company.  Honestly though, I wouldn't give a nutjob like that the time
of day or the satisfaction of having called you out.  Do they ask
plumbers to prove they can weld copper, or Crown Attorneys to prove
they've convicted somebody?  Jeez, I used to be in the infantry, I can't
even _imagine_ what they might have asked me to do - "prove you can
shoot somebody centre of mass from 300m"?!

Mike

