This one beats them all and it’s going to make me laugh until tonight:

“I’ve been assigned to carry out a penetration test on a server you manage. The test will be performed from the outside, since the perimeter security needs to be assessed. In order to perform the test, I therefore ask you to disable any firewall, protection, blacklist. If any of these are in place, the server might not be reachable and could prevent the assessment.”

I had to read it three times just to make sure I’d understood it properly.


Luckily, many of my clients are intelligent and well-prepared people. Needless to say, that email, before making me laugh, had already made the client laugh. He immediately thought he was dealing with people who were great at marketing but had little technical skill.
I presented my theory on software engineering, but he immediately tore it apart, declaring himself extremely skeptical. In his opinion, it is more likely to be a technique to lower our defenses and then try to sell us "security products" after a "pentest full of flaws". Or simply sheer incompetence.

Anyway, their connection doesn't have any open ports. So they can pentest anything they want, for as long as they want.
