Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Fwd: Rate Stratfor's Incident Response
From: Valdis.Kletnieks () vt edu
Date: Mon, 09 Jan 2012 14:54:55 -0500

On Mon, 09 Jan 2012 20:00:11 +0100, "J. von Balzac" said:

Valdis you make me curious - how do you know that most are kids, and
script kiddies?

Note that it wasn't me who suggested hiring script kiddies to do pen tests. I
was pointing out why it wouldn't work.

Isn't it more likely that the people who massively pwned Stratfor are
indeed mature and serious?

If they're mature, serious, and pwning machines like that, they're heavy duty
black hats (pretty much by definition).  What are the chances they'll want to
take a consulting gig doing a pen test (which would require they come out of
hiding?)

Yes, there's a few people working both sides of the fence. *VERY* few, and
certainly not enough to make it feasible in general to hire one to do your
pentests.  And again, there's that whole "Do you really want to hire a known
black hat" issue to work around.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault