Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> contributed wisdom to
> What if the hack was requested by the tester for the sake of defence from
> real attack? That what white-hats are for.
Thats true. But we get many requests to "hack my machine" where the request
doesnt come from the root address on that machine. Usually its not from
that machine at all. So its as if some child on a street corner walks up
and hands you a rock and says "Test the shatter proof glass on my house.
Its that one there. Really its OK because I told you to do it." :)
Of course even a root account doesnt mean that its the real owner. And
often a probe could cause you to cross the line with a company where the
admin has asked too much without permission, or cause us to violate the
boundaries of an ISP who might not care who authorized it. I have done some
probings when contacted by people I trusted but I dont think Ive ever seen
a public request which has convinced me to do any more than the simple
scannings which would happen to a system every day.