[Techtalk] Gender as a weapon? Pen-testing and female
auditors
Walt
pippin at freeshell.org
Wed Mar 24 23:23:06 EST 2004
Raven,
Isn't it a bit of a hole in this kind of security auditing
that you can be trusted? In other words, since you
can be trusted to not do any genuine harm to the
company, if someone trusts you and lets you know
a bit of information that you rightfully shouldn't be
entitled to, they're not actually causing any harm.
They have not given their trust to an untrustworthy
person. They have violated the letter of the law,
but had you been an actual *evil hacker*, they may
have responded differently if only because their
gut reaction was negative or because they picked
up a different "vibe" or motive from you.
The only way to do true social "pen-testing" of this
sort, it would seem, would be to find a nasty black-
hat infiltrator and set 'em loose in your company
with the knowledge that they can and probably will
use any information that they reap. :-)
It is not logical that pen-testing in any non-government,
minor company should result in the firing of an
employee. Rather, I'd think it would result in a, "let
that be a lesson to you!" type of reprimand.
Am I way off base here...?
Walt
-~
Genius is the highest type of reason--talent the highest kind
of understanding.
L.P. Hickok
More information about the Techtalk
mailing list