[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: whitehat to test a security config



On Tue, 1 Nov 2005, Harry wrote:

> Perhaps the following questions should be asked first
> 
> 1. How do we know know Mr Black is who he says he is?

> 2. How can we confirm the machine details he supplies
> are actually details of a machine that he owns?

... all valid points ..

- a face to face meeting is the only way to get 
  started on the "security test" per written contract
  drawn by a lawyer and signed by the "board of directors"

	- all else is asking to be tossed in the local
	pen with the crazies

- even after the face to face meeting, and seeing the
  machine to be tested, doesn't mean that after leaving,
  that the "target" box is still where you saw last

/// paranoia is a good thing  when doing some "supposedly" 
/// not-so-legal activities as it depends on who's view
/// and who's authority that you got the "free get-out-of-jail-card"

- lots of fun ...

c ya
alvin




Reply to: