[wplug] RE:one more question for today

Petrucci, Joseph Joseph.Petrucci at ddiworld.com
Tue Feb 22 13:20:48 EST 2005


It is not as obscure as it used to be, although I did it many years ago; these days 50% of the headhunter calls I get are about Security in some way. Breaking into a company's security is in a lot of ways like a Performance tuning expert collecting baseline statistics before he can know what needs tuned. The old "Tiger teams" (don't know if they use that term anymore), which were hired by a company to assault their network and map out weaknesses, were very popular in the late 80's when I worked in that area.
 
Chris Teodorski informs me my e-mail client is sending out annoying attachments so I will come back on after I fix it.
 
Joseph A. Petrucci
E Systems DBA
------------------------------------------------
Desk: 412-220-2646
Cell: 412-916-2867
Text message (e-mail) 4129162867 at mobile.att.net
e-mail joseph.petrucci at ddiworld.com
Personal Cell: 724-462-0443
Personal e-mail: japetrucci at hotmail.com

________________________________

From: Bill Moran [mailto:wmoran at potentialtech.com]
Sent: Tue 2/22/2005 1:07 PM
To: General user list
Cc: Petrucci, Joseph
Subject: Re: [wplug] RE:one more question for today



"Petrucci, Joseph" <Joseph.Petrucci at ddiworld.com> wrote:

> I was hired to break their security I didn't go in and break it then
> threaten them into letting me fix it.

This is a valid, if obscure, profession.

I just want to warn anyone who considers doing this.  Get a _written_
agreement from the person hiring you to do this.  Get a _lawyer_ to
write the agreement so it protects you.

If you're not getting paid enough for this kind of job to afford to
hire a lawyer to review the agreement, then you're not getting paid
enough to do it - don't.

You can get in a LOT of trouble, even if you are hired to do this,
if there's a simple misunderstanding, and the law _will_not_ be on
your side.

> 
> Joseph A. Petrucci
> E Systems DBA
> ------------------------------------------------
> Desk: 412-220-2646
> Cell: 412-916-2867
> Text message (e-mail) 4129162867 at mobile.att.net
> e-mail joseph.petrucci at ddiworld.com
> Personal Cell: 724-462-0443
> Personal e-mail: japetrucci at hotmail.com
>
> ________________________________
>
> From: wplug-bounces+joseph.petrucci=ddiworld.com at wplug.org on behalf of Jonathan S Billings
> Sent: Tue 2/22/2005 12:19 PM
> To: General user list
> Subject: Re: [wplug] RE:one more question for today
>
>
>
> Petrucci, Joseph wrote:
> >
>
> > I very much disagree with Bill on one point, Although I would not
> > suggest firewall design as a first step to learning to program
> > learning to break something is the first step many times in making it
> > better. I have had a lot of contracts where my job started by
> > breaking security and finding weaknesses to later close those holes.
> > It is an interesting part of our profession.
>
> I think that it is in extremely poor taste to think that getting a job
> by breaking security and then getting hired to fix it is anything other
> than extortion.  You're operating out of a position of power and fear,
> rather than helpfulness.
>
> --
> Jonathan S. Billings <billings at negate.org>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
>
>
>


--
Bill Moran
Potential Technologies
http://www.potentialtech.com


