[Techtalk] Gender as a weapon? Pen-testing and female auditors
R. Daneel Olivaw
linuxchix at r-daneel.com
Wed Mar 17 02:57:01 EST 2004
Hello there :)
Rachel McConnell <rachel at xtreme.com> a écrit:
> > Your main question will be : If I succeed, is it because I am
> > efficient at my job or because I look pretty ?
> > Maybe both, maybe looking pretty is just a bonus, that little plus
> > that will set you on top of other's choices.
> >
> > Anyhow, do what you think is "right".
> >
> > bye,
> >
> > R. Daneel Olivaw,
> > The Robot Inside
>
> I'm not sure this is the right question to ask, actually. The whole
> idea of social engineering penetration testing is to USE 'looking
> pretty' as one of the tools of the job. Thus in this case using one's
>
> looks and/or sex appeal is a (required?) part of being efficient (&
> therefore effective), not an alternative.
>
> Not an easy area to find answers in, at all.
I guess I just missed some of the many subjects exposed by that e-mail.
I'm sorry about that. I was focusing on the human question, about
"right" or "wrong", but it's just a subset of the real subject.
If I step to the "social engineering" point of view, I would say (and I
think I already read someone quoting something similar) that as far as
the true goal is identified (breaking in by social engineering), there
is no"good" or"bad".
Social engineering is there to circumvene a barrier. Any way to do it
is"right" ...
Most of the social engineering is based on false information, provided
to the right & "vulnearble" people. From there on, the goal is to
maintain an illusion, until the informations can be grabbed out without
noone noticing.
Empathy, authority, and personal charm may lead to a higher level of
trust. Just a sort of "privilege escalation" process, applied to humans.
It seems that humans use their social skills very often, naturally. So
why not enhancing something we already do ? I don't like to do it. As I
said, if I get nice to people "naturally" I'm pleased, but if I need to
make an exra effort, just to reach my goal, I feel I'm a hypocrite. Such
a "victory" would have no "glory".
Now, it seems that sometimes there is no way to avoid such a behaviour,
because if you don't manage to 'lie' you'll be the loser.
There is the question again : how much are you willing to loose before
you give up your principles. For how much would you "sell your soul to
the devil" ?
Well, seems it's late here (2am), so I'll stop being annoying ;)
Good night, well, depends, ... :p
R. Daneel Olivaw,
The Robot Inside.
More information about the Techtalk
mailing list