I usually don't respond to shit in /dev/null, but this time I'm making an exception.

What sort of of reporter would be so bloody irresponsible and lacking in judgement as to seek unsolicited, relatively anonymous, uncorroborated opinion from a sodding web forum? It would appear as though the San Francisco Chronicle has furnished the answer in the form of Carrie Kirby.

Ms. Kirby, you are clearly devoid of any sort of journalistic integrity to even consider taking such a course of action as 'research'. In the scope of all dealings I've ever had with the press, this is right up there in the top three of the most irresponsible.

I'd question if your employer was aware that you were conducting yourself in this manner, but seeing as how it's the Chronicle they most likely encouraged it.

I don't like this thread...but then...I don't like reporters either. I can say that this is an area for TECHNICAL discussion of COMPUTER SECURITY. Since this thread is solicitation of sources and not in line with the purpose of this area of the forum...it gets a one way ticket to /dev/null.

I am not going to delete it, and your contact info is there in case one or more of the numerous media whores on the board want to contact you. Otherwise...see ya.

well, i wasn't going to put it on here in case competitors were reading, but since i already put on my full name, i might as well: i'm a writer for the san francisco chronicle.

i'm not asking for details about specific companies' systems, so i didn't think confidentiality would be an issue. if you feel it is, that's fine, just don't reply. i don't really care how you got the info, i'm just looking for people who can tell me, "the average company in the Philippines has better security than US firms," or "security over there sucks," or whatever the case is.

if you feel you have something to contribute to this article, please contact me on the email address i provided, and we can talk about any concerns you might have.

Sure some of done "Pen-Test's" and I hope after their Analysis the systems were better then when they got there. Moreover, I would venture to guess the 95% (hopefully more) of the people who did the "Pen-Test's" sign agreements not to disclose information. And even if they didn't sign agreements, it's a matter of professional courtesy not to release such information.

You brought up the matter of "Pen-Test's". So I want you to remember something before asking your next question: If you asked if anyone hacked sites overseas that would be an issue in and of itself. But that would more be viewed as a hobby, illegal, but still fall into the realm of a hobby. But, you ask if people Test the Security of these sites for money. Now that's business.. Don't mix up the two, or else I will enlighten you as to the difference.


By the way. You did state you are a Reporter. What Publication are you employed by?

To be fair, "penetration testing" could imply a legal act by a hired security firm...

didn't mean to imply

hey, i read the rules, and i didn't mean to imply that everybody here is a bunch of criminal hackers. but surely some have done pen tests, no?

Of course we've all broken into overseas networks..we're criminals right?