Challenging hackers, bad idea.

In my time as a white hat hacker for a Big Eight (now Final Four) audit firm I was engaged to break into a large PC manufacturer. First we looked at their internal architecture and found it to be rock solid.

In my time as a white hat hacker for a Big Eight (now Final Four) audit firm I was engaged to break into a large PC manufacturer. First we looked at their internal architecture and found it to be rock solid. They had dual 100 MB pipes to multiple backbones all protected by Cisco routers with simple Access Control Lists (ACL’s) that basically blocked everything but HTTP and HTTPS to their web servers. A scan from the outside using Internet Security Scanner from ISS and CyberCop from Network Associates revealed, predictably, nothing worth targeting.

This was back in the day when web-site defacement was a big issue. Remember when hackers defaced the NY Times web page?

That was a Sunday morning. That Monday the CEO of the company I was investigating was at a press conference and according to the folks in internal audit he pounded the podium and declared “we are secure, we will never be hacked!