[wplug] RE:one more question for today

Bill Moran wmoran at potentialtech.com
Tue Feb 22 13:07:24 EST 2005


"Petrucci, Joseph" <Joseph.Petrucci at ddiworld.com> wrote:

> I was hired to breqak there security I didn't go in and break it then
> threaten them into letting me fix it. 

This is a valid, if obscure, profession.

I just want to warn anyone who considers doing this.  Get a _written_
agreement from the person hiring you to do this.  Get a _lawyer_ to
write the agreement so it protects you.

If you're not getting paid enough for this kind of job to afford to
hire a lawyer to review the agreement, then you're not getting paid
enough to do it - don't.

You can get in a LOT of trouble, even if you are hired to do this,
if there's a simple misunderstanding, and the law _will_not_ be on 
your side.

>  
> Joseph A. Petrucci
> E Systems DBA
> ------------------------------------------------
> Desk: 412-220-2646
> Cell: 412-916-2867
> Text message (e-mail) 4129162867 at mobile.att.net
> e-mail joseph.petrucci at ddiworld.com
> Personal Cell: 724-462-0443
> Personal e-mail: japetrucci at hotmail.com
> 
> ________________________________
> 
> From: wplug-bounces+joseph.petrucci=ddiworld.com at wplug.org on behalf of Jonathan S Billings
> Sent: Tue 2/22/2005 12:19 PM
> To: General user list
> Subject: Re: [wplug] RE:one more question for today
> 
> 
> 
> Petrucci, Joseph wrote:
> >
> 
> > I very much disagree with Bill on one point, Although I would not
> > suggest firewall design as a first step to learning to program
> > learning to break something is the first step many times in making it
> > better. I have had a lot of contracts where my job started by
> > breaking security and finding weeknesses to later close those holes.
> > It is an interesting part of our profession.
> 
> I think that it is in extremely poor taste to think that getting a job
> by breaking security and then getting hired to fix it is anything other
> than extortion.  You're operating out of a position of power and fear,
> rather than helpfulness.
> 
> --
> Jonathan S. Billings <billings at negate.org>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
> 
> 
> 
> 


-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


More information about the wplug mailing list