Mike,
While it might not sound like it from my prior post, I agree with you. The
issue is why pay someone with an axe to grind to penetrate your system. But
whether he gets paid or not, my gut says the kid will try anyway just to get
back at the webmaster. Would I pay him? No way.
However, should he succeed, or if the threat feels warranted, I would
definitely consider hiring a "tiger team" to review my security and as you
mention, under a contractual agreement, attempt to infiltrate security. Any
team that is worth hiring, will have such agreements to sign when you hire
them, because they want to be legally protected should they succeed. This
kid, however, is most likely going to break the law in his efforts if he
decides to, and manages to succeed in, modifying the web site or mis-using
information technology owned by the site. Unfortunately, it sounds like
even if he did, he might get a break from the owner, and that's the real
injustice here.
Best of luck to the webmaster...
--Doug
-----Original Message-----
From: Mike Sheldon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 04, 2000 3:29 PM
To: [EMAIL PROTECTED]
Subject: RE: Security holes revisited -- reward offered
I have to violently disagree with this.
The individual in question is not a reputable security expert, he's a kid
with an axe to grind.
I would never use any security group who cannot post a bond against any
potential damage they may cause in the act of attempting to penetrate the
system.
Michael J. Sheldon
Internet Applications Developer
Phone: 480.699.1084
http://www.desertraven.com/
PGP Key Available on Request
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
