Re: whitehat to test a security config

To: harry@uklug.co.uk
Cc: debian-security@lists.debian.org
Subject: Re: whitehat to test a security config
From: Alvin Oga <aoga@mail.Linux-Consulting.com>
Date: Tue, 1 Nov 2005 03:52:43 -0800 (PST)
Message-id: <[🔎] Pine.LNX.3.96.1051101034749.11257A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 20051101094842.85839.qmail@web50408.mail.yahoo.com>

On Tue, 1 Nov 2005, Harry wrote:

> Perhaps the following questions should be asked first
> 
> 1. How do we know know Mr Black is who he says he is?

> 2. How can we confirm the machine details he supplies
> are actually details of a machine that he owns?

... all valid points ..

- a face to face meeting is the only way to get 
  started on the "security test" per written contract
  drawn by a lawyer and signed by the "board of directors"

	- all else is asking to be tossed in the local
	pen with the crazies

- even after the face to face meeting, and seeing the
  machine to be tested, doesn't mean that after leaving,
  that the "target" box is still where you saw last

/// paranoia is a good thing  when doing some "supposedly" 
/// not-so-legal activities as it depends on who's view
/// and who's authority that you got the "free get-out-of-jail-card"

- lots of fun ...

c ya
alvin

Reply to:

References:
- Re: whitehat to test a security config
  - From: Harry <postituk@yahoo.com>

Prev by Date: Re: whitehat to test a security config
Next by Date: Re: Unknown sevice runing on debian machin
Previous by thread: Re: whitehat to test a security config
Next by thread: Re: whitehat to test a security config
Index(es):
- Date
- Thread