From: Bob Radvanovsky (rsradvan@unixworks.net)
Date: Thu Feb 09 2006 - 17:11:00 EST
Believe it or not, many things that pen-testers and/or social engineers do are the "obvious" things. Things that are oblivious to most people, sometimes, are not-so oblivious to those who exist in a frame of mind that is "outside" from everyone else's.
Maybe this will put things into a slightly different perspective that perhaps you could relate to, or even appreciate. In school (high school, college, technical school -- it doesn't matter), have you ever worked on a homework or lab assignment that had you *stumped*, only to ask, either the teacher of the class or a fellow classmate, for some help, they come in, look at your configuration or the method/approach that you're taking, only then to type/write something down in a matter of seconds?
Sometimes, you need someone who's not immersed or engrossed in whatever your clients or environment has you bottled up in. Also, it takes a certain mindset to be able to view things from this perspective, and some would even argue that it's genetic (born with a "gift" versus learned within an environment). I tend to think that it combines a little of both, taking into account people who have an ability -- a gift (if you will) -- that can perceive concepts from either a wwwwwiiiiiiidddddeeeee perspective, then suddenly, at a moments notice, shift their train of thought to something more tightly focused, only later go back to the wide-angle perspective again.
Many people, many companies would like you to think that a "child" is what's behind most attacks, and some would argue ostensibly, that it is a group of children performing such acts. But what many fear, yet never state, is that often times, there's a "mastermind" at work, that controls, manipulates, an endoctrinates these children into performing whatever acts they do. To some, they feel that they're doing this to (as you put it) get famous, others want to get rich quickly, whereas some think that they're performing an act that they don't see as wrongful ("evil") acts. It is a known fact in psychology that children -- up to certain age groups -- have abilities of perception, comprehenson, understanding and mental mechanics -- that far surpass most adults. And thus drawing upon a conclusion that (for sake of simplicity) the acts performed, either negatively or positively (it depends on who's performing what) is mere "childs play".
I would garner you this challenge. Put yourself (or attempt to) into a frame of mind similar to what has been discussed here, then ask yourself a single, yet importantly decisive question: "How would <xxx> perform such a task?" If you can answer that, then perhaps, you have a naturally-born gift for such levels of creativity that places such as the NSA, CIA or various intel groups would *love* to hire you!!! I've known children who have mathemtical capabilities that would boggle even the best of mathematicians, and yet -- to them -- everything appears "easy" to them.
Having been "on both sides of the fence", I can tell you that it isn't easy. I started college at age 14 -- well before I was even finished with jumior high school -- and well on my way while I was still *in* high school! Does that make me smart? Not really. I just had a knack -- an ability -- to see things *differently* -- than most other people did at that time. This was in the late 1970's/early 1980's. Times have changed since then, and not for the better, either. If you are thinking that tasks such as these are easy, you now need to think of the consequences that are (now) often times associated with such tasks. Yes, I'm talking about "bureaucracies" (possibly beyond even your worst nightmarish perceptions of "Red Tape Hell" or "Paperwork Purgatory"), not to mention thinking of legal (libel) consequences. Many people on this discussion group (myself included) who wish to continue working -- freely -- as a citizen, and thus, offer *some* consul, but not to the point of where they could be held li
able for their actions or suggestive content.
Bob Radvanovsky, CISM, CIFI, REM, CIPS
"knowledge squared is information shared"
rsradvan (at) unixworks.net | infracritical.com | ehealthgrid.com
(630) 673-7740 | (412) 774-0373 (fax)
----- Original Message -----
From: Brian Loe [mailto:knobdy@gmail.com]
To: pen-test@securityfocus.com
Subject: Fwd: Penetration test of 1 IP address
> Every time I see one of these e-mails the first question that pops
> into my mind is, "where do I get a customer like that?!"
>
> The second thing that pops into my mind is that it can't be a "real"
> job - that its most likely some high school kid who wants to be
> famous, but not smart enough to figure out how.
>
> I'm not a security "expert". I've never done a pen test. However,
> everything that has been suggested, I already knew how to do - and
> would have known to do it.
>
> On 2/9/06, Levenglick, Jeff <JLevenglick@fhlbatl.com> wrote:
> > That's right.. Legal software. I wonder what would happen if this person
> > was not legit and
> > The company found out that all of the people on this list helped him?
> >
> > Or better yet. (as I stated before) This person does not have the
> > background or knowledge to give this company
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers
> do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:29 EDT