Calvin,
A friend of mine summed this kind of thing up when we were discussing this
thread earlier today.....
<CF_QUOTE Author="Chris Tazewell">
Bedroom boys - very pasty kids who spend all day on the computer and learn
programming through hacking - have no background in good programming
techniques - create progs cheaply for people but they're cr@p and
non-defensive...
Pay cr@p - get cr@p
</CF_QUOTE>
Hire someone to do it properly!
Regards
Stephen
PS. Hope you don't mind Chris... ;o)
> -----Original Message-----
> From: Calvin Ward [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 05 April 2000 14:30
> To: [EMAIL PROTECTED]
> Subject: Re: Security holes revisited -- reward offered
>
>
> So what do you guys think about part time hackers that attempt a breakin,
> post general results on a website, and then ask for payment to fix your
> problems?
>
> Just curious...
>
> Please direct all responses to the newsgroup so that all may
> benefit from my
> lack of wisdom!
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, April 04, 2000 9:20 PM
> Subject: RE: Security holes revisited -- reward offered
>
>
> > Mike,
> >
> > While it might not sound like it from my prior post, I agree with you.
> The
> > issue is why pay someone with an axe to grind to penetrate your system.
> But
> > whether he gets paid or not, my gut says the kid will try anyway just to
> get
> > back at the webmaster. Would I pay him? No way.
> >
> > However, should he succeed, or if the threat feels warranted, I would
> > definitely consider hiring a "tiger team" to review my security
> and as you
> > mention, under a contractual agreement, attempt to infiltrate security.
> Any
> > team that is worth hiring, will have such agreements to sign
> when you hire
> > them, because they want to be legally protected should they
> succeed. This
> > kid, however, is most likely going to break the law in his efforts if he
> > decides to, and manages to succeed in, modifying the web site
> or mis-using
> > information technology owned by the site. Unfortunately, it sounds like
> > even if he did, he might get a break from the owner, and that's the real
> > injustice here.
> >
> > Best of luck to the webmaster...
> >
> > --Doug
> >
> > -----Original Message-----
> > From: Mike Sheldon [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, April 04, 2000 3:29 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Security holes revisited -- reward offered
> >
> >
> > I have to violently disagree with this.
> >
> > The individual in question is not a reputable security expert,
> he's a kid
> > with an axe to grind.
> >
> > I would never use any security group who cannot post a bond against any
> > potential damage they may cause in the act of attempting to
> penetrate the
> > system.
> >
> > Michael J. Sheldon
> > Internet Applications Developer
> > Phone: 480.699.1084
> > http://www.desertraven.com/
> > PGP Key Available on Request
> >
> --------------------------------------------------------------------------
> ----
> > Archives: http://www.eGroups.com/list/cf-talk
> > To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
> >
>
> ------------------------------------------------------------------
> ------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf
_talk or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
