◆ SpookStack

Slashdot | Adrian Lamo Chargeg@iVith Hacking e@ Page 3 of 33 A PMLAN GE 4 ithno WoL UUW WULD WELUUUL IUgIDU ALL, Latin LU @ opera: WUURLL set by the bouncing process . [ Reply to This | Parent ] o Re:The Real Problem by twofidyKidd (Score:1) Saturday September 06, @01:29PM o Re:The Real Problem by Anonymous Coward (Score:1) Saturday September 06, @02:50PM o Re:The Real Problem by dmuth (Score:2) Saturday September 06, @06:07PM © 2 +xeplies beneath your current threshold. @11:34AM e Re:The Real Problem by Anonymous Coward (Score:1) Saturday September 06, @12:52PM © i yeply beneath your current threshold. « Re:The Real Problem by Digitalexikon (Score:1) Saturday September 06, @04:17PM. « Re:The Rea! Prob e And good riddance. by JeffTL (Score:3) Saturday September 06, @10:46AM Re:And good riddance. (Score:5, Insightful) ] by SerpentDrago (703376) * on Saturday September 06, @10:52AM (#6887138) If you ask and tell theam your going to try to hack. Then they will tighten security. Thats exactly why you can’t tell theam. You have to just do it. at a random time without theam knowing , then see if they catch it. Thats the only true way to "test" Do it Blind or it is not real. A BlackHat will never ask or tell you when. [ Reply to This | Parent ] o Re:And good riddance. by the_2nd_coming (Score:1) Saturday September 06, @11344M Re:And good riddance. (Score:5, Insightful) by Shoten (260439) on Saturday September 06, @11:46AM (#6887427) I think you're confusing what Lamo did with something that the NYT actually gave permission for. I agree with you, that a penetration test should be performed in such a way as to be unexpected, so paranoid admins can't do stupid things to improve the results (like turn off all inbound access for a day). But this wasn't a penetration test, it was nothing more than an uninvited and deeply illegal intrusion plus some spin control for the media. Tknow a lot of people look at it and say, "Oh, but he had good intentions, that makes it ok!" It's not really like that...we don't KNOW his real intentions at all, just what he SAYS his intentions are. But, if someone owned your network, would you just trust them when they say they didn’t do anything more insidious than they told you about? I wouldn't, and the resulting cleanup to make sure that nothing more was done is an expensive and dismuptive process. This is part of why the damages for relatively minor hacks end up being so enormous in many cases. FBI(19-cv-1495)-1895 hitp://slashdot.org/articles/03/09/06/1325221 shtml?tid=123&tid=126&tid=172éetid=99 9/8/2003