Rather than a live demo, a better tactic might be telling a story about a vulnerability in Joe Sixpack terms. The pizza coupon thing (Dominos?) a few months back is a good example.
I see a lot of downsides to letting folks at a party pressure you into a live demo. You are basically allowing strangers to SE you. If you show a successful demo, you just know the next question will come: so can you hack into so-and-so's Facebook account? ;) When you consider the potential for demo fail too, this is really a lose/lose situation :(

-------------------------
securityjustice.com | chrisclymer.com

On May 3, 2010, at 11:54 AM, Robin Wood <[email protected]> wrote:

> Hi
> At a party the other day I was asked the normal question of what do I
> do for a living. I said security and kept it a bit vague but was
> pressed so explained what pen-testing is and roughly what I do. I then
> got the challenge, prove it, prove you can hack a company.
>
> People would say to a dentist, prove you can do a filling but this
> person insisted they wanted a demo. I explained the legalities and
> finally fobbed them off and got away but it got me thinking, has
> anyone got any good party tricks that they can pull in this kind of
> situation that give an instant wow but are easy to do and legal? Not
> quite legal but I was thinking if I knew any big sites with XSS I
> could rewrite but none came to mind at that time.
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
