party trick to shut up the non-believers

[cclymer at gmail.com (Chris Clymer)]

Rather than a live demo, better tactic might be telling a story about  
a vulnerability in joe sixpack terms.  The pizza coupon thing 
(dominos?) a few months back is a good example.

I see a lot of downsides to letting folks at a party pressure you into  
a live demo.  You are basically allowing strangers to SE you.  If you  
show a successful demo, you just know the next question will come: so  
can you hack into so-and-so's facebook account? ;)

When you consider the potential for demo fail too, this is really a  
lose/lose situation :(

-------------------------
securityjustice.com | chrisclymer.com


On May 3, 2010, at 11:54 AM, Robin Wood <robin at digininja.org> wrote:

> Hi
> At a party the other day I was asked the normal question of what do I
> do for a living. I said security and kept it a bit vague but was
> pressed so explained what pen-testing is and roughly what I do. I then
> got the challenge, prove it, prove you can hack a company.
>
> People would say to a dentist, prove you can do a filling but this
> person insisted they wanted a demo. I explained the legalities and
> finally fobbed them off and got away but it got me thinking, has
> anyone got any good party tricks that they can pull in this kind of
> situation that give an instant wow but are easy to do and legal? Not
> quite legal but I was thinking if I knew any big sites with XSS I
> could rewrite but none came to mind at that time.
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com