On Mon, 09 Jan 2012 20:00:11 +0100, "J. von Balzac" said:

> Valdis you make me curious - how do you know that most are kids, and
> script kiddies?

Note that it wasn't me who suggested hiring script kiddies to do pen tests. I was pointing out why it wouldn't work.

> Isn't it more likely that the people who massively pwned Stratfor are
> indeed mature and serious?

If they're mature, serious, and pwning machines like that, they're heavy duty black hats (pretty much by definition). What are the chances they'll want to take a consulting gig doing a pen test (which would require they come out of hiding?)

Yes, there's a few people working both sides of the fence. *VERY* few, and certainly not enough to make it feasible in general to hire one to do your pentests. And again, there's that whole "Do you really want to hire a known black hat" issue to work around.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/