[wplug] RE:one more question for today
Bill Moran
wmoran at potentialtech.com
Tue Feb 22 13:07:24 EST 2005
"Petrucci, Joseph" <Joseph.Petrucci at ddiworld.com> wrote:
> I was hired to breqak there security I didn't go in and break it then
> threaten them into letting me fix it.
This is a valid, if obscure, profession.
I just want to warn anyone who considers doing this. Get a _written_
agreement from the person hiring you to do this. Get a _lawyer_ to
write the agreement so it protects you.
If you're not getting paid enough for this kind of job to afford to
hire a lawyer to review the agreement, then you're not getting paid
enough to do it - don't.
You can get in a LOT of trouble, even if you are hired to do this,
if there's a simple misunderstanding, and the law _will_not_ be on
your side.
>
> Joseph A. Petrucci
> E Systems DBA
> ------------------------------------------------
> Desk: 412-220-2646
> Cell: 412-916-2867
> Text message (e-mail) 4129162867 at mobile.att.net
> e-mail joseph.petrucci at ddiworld.com
> Personal Cell: 724-462-0443
> Personal e-mail: japetrucci at hotmail.com
>
> ________________________________
>
> From: wplug-bounces+joseph.petrucci=ddiworld.com at wplug.org on behalf of Jonathan S Billings
> Sent: Tue 2/22/2005 12:19 PM
> To: General user list
> Subject: Re: [wplug] RE:one more question for today
>
>
>
> Petrucci, Joseph wrote:
> >
>
> > I very much disagree with Bill on one point, Although I would not
> > suggest firewall design as a first step to learning to program
> > learning to break something is the first step many times in making it
> > better. I have had a lot of contracts where my job started by
> > breaking security and finding weeknesses to later close those holes.
> > It is an interesting part of our profession.
>
> I think that it is in extremely poor taste to think that getting a job
> by breaking security and then getting hired to fix it is anything other
> than extortion. You're operating out of a position of power and fear,
> rather than helpfulness.
>
> --
> Jonathan S. Billings <billings at negate.org>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
>
>
>
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
More information about the wplug
mailing list