Re: whitehat to test a security config
On Tue, 1 Nov 2005, Harry wrote:
> Perhaps the following questions should be asked first
>
> 1. How do we know know Mr Black is who he says he is?
> 2. How can we confirm the machine details he supplies
> are actually details of a machine that he owns?
... all valid points ..
- a face to face meeting is the only way to get
started on the "security test" per written contract
drawn by a lawyer and signed by the "board of directors"
- all else is asking to be tossed in the local
pen with the crazies
- even after the face to face meeting, and seeing the
machine to be tested, doesn't mean that after leaving,
that the "target" box is still where you saw last
/// paranoia is a good thing when doing some "supposedly"
/// not-so-legal activities as it depends on who's view
/// and who's authority that you got the "free get-out-of-jail-card"
- lots of fun ...
c ya
alvin
Reply to: