At 05:35 AM 2/18/00 -0800, [EMAIL PROTECTED] wrote:
>Depends on your view, I would prefer a gray hat, over those so-called
>"White Hats" which the Big Six firms were promoting a few years ago. At
>least a gray hat might have the technical savvy to find a problem, suggest
>the correct fix, and possibly can write the fix. A White Hat can point
>out all the nice holes but there is more to it than that.

The bottom line question, I think, from Jeff's original post is: On what
basis do you trust someone who breaks into other people's computers and
networks? They may know more (Mark's assertion) but how can you trust them
to use that knowledge on your behalf? How do you know that they didn't find
100 things wrong, and only told you about 75?

I'm not referring to l0pht, specifically, but the situation in general. Ted
Julian is involved in @Stake and Ted's a good guy and I have reason to
trust him. When I saw the @Stake announcement I thought, "How gutsy. I
wonder if they can pull it off." I still wonder. Because I don't understand
how the White House or a Fortune 100 company hires them and then sleeps at
night.

So, Mark, seriously, what's the basis for trusting a gray hat organization?

Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/