Page 3 of 7 FirstFirst 12345 ... LastLast
Results 21 to 30 of 61

Thread: Hiring Hackers As Security Consultants

  1. #21
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by Maestr0
    "There are people who don't accept, who aren't obedient. They are weeded out, they're driving taxi cabs, they're behavior problems. The long-term effect of this is to reward and foster subordination; it begins in kindergarten and goes all the way through your professional or other career. If you challenge authority, you get in one or another kind of trouble. Again, it's not 100 percent the case, and there are some areas of life were it's dramatically not the case, but on average and overwhelmingly in the outcomes, it holds."
    -Noam Chomsky


    -Maestr0
    Excellent counterpoint. I like it.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  2. #22
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    You can't be a painter before you pick up the brush. I pulled that out of my ass but it works for this one.

  3. #23
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by zencoder
    Excellent counterpoint. I like it.
    Perhaps you should read some of his books? You should be able to find them. If you like Punk Rock you should have no problem reading and understanding this guy.

  4. #24
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Perhaps start them out lower with very little access and make them work their way up?Maybe by creating a policy that would involve more than one person part of the decision taking at every level?Or would that decrease inefficiency?
    this is not what the question was asking though, it is asking about hiring a hacker to do pentesting, which means they come in "hack" your system and give you results. You dont have the time to earn trust. It has to be there right off the bat, and you have to feel that at the end of the day, when there job is done they will "forget" all the information they learned and never use it against you.

    If you were looking for a long term thing, then yes there experience would be a huge asset, and then you can work with the theory that if paid enough, people wont steal (generally). And yes you could work to gian trust with them, and start them with low access and all that stuff. but in a security audit, and pen testing project its a very short period of time.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  5. #25
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    If you owned a business or a house, who would YOU want to show you the ways someone could break in, the police or a theif?

  6. #26
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    who would YOU want to show you the ways someone could break in, the police or a theif?
    Round here, the Police are the ones to show you the ways to secure the property.
    Talk about set a thief to catch a thief
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  7. #27
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Id perfer the police, becasue the chance of them comming back knowing the vulnerabilities and trying to break in a far lower. Then again...where i am from a good number of police are the thiefs, so... Ill buy a shotgun instead.


    But I find the nature of this comparison flawed. Breaking into a house and breaking into a network are far different. you NEED physical access to get to a house. A hacker can take apart your network from across the glode, much lower chance of getting caught, much easier to avoid punishment if caught. I have police patroling the area I live, I have neighbors, I have random people walking by at all hours of the night (very popular jogging/walking/ biking path) so there is a HUGE difference in the two scenarios.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  8. #28
    ONCE AGIAN! Some of you seem to be a bit confused as to what a consultant actually does... their job is to give a second opinion, to overlook what is in development, and to give estimate of a cost effective solution. This is what a consultant does, security or otherwise. I don't know of anyone who gets paid to sit on their asses and play around with a vulnerability scanner or to "hax t3h pL4n3t"... get serious and after that you might wanna go get bent a few times.

  9. #29
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    If you owned a business or a house, who would YOU want to show you the ways someone could break in, the police or a theif?
    The theif, without question. I would want the person with the knowhow of how to break in, etc show me how they do it. Thus afterwards I can learn how to counteract it or learn to secure myself. I'd much rather have the theif show me his practiced methods than the police telling me what he learned in his little training video.
    Space For Rent.. =]

  10. #30
    Junior Member
    Join Date
    Aug 2003
    Posts
    12
    If you owned a business or a house, who would YOU want to show you the ways someone could break in, the police or a theif?
    The thief obviously, the police have to catch thieves thus the thief is always expanding his expertise in his area meaning he has to stay one step ahead of the pursuer. That works both ways but I think the thief has the edge and I think that may well apply to this situation. One step behind.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •