http://blog.jabawoki.com/2010/02/25/black-white-or-grey-what-colour-hat-do-you-wear/?utm_source=rss&utm_medium=rss&utm_campaign=black-white-or-grey-what-colour-hat-do-you-wear Nothing to see here, move along... Tue, 10 Jan 2012 12:18:18 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://blog.jabawoki.com/2010/02/25/black-white-or-grey-what-colour-hat-do-you-wear/comment-page-1/#comment-116 SF Mon, 12 Apr 2010 14:26:30 +0000 http://blog.jabawoki.com/?p=1740#comment-116 Just to add the laws that govern these acts make no ref to intent and I think unfairly some people have fallen foul of the law for just being inquisitive shall we say. Perhaps performing a simple directory traversal attempt on a tsunami charity site for example! (one instant) When if they really had a criminal intent\goal they have skills which would not fall so easily ie TOR\cantenna\spoofs etc. An example was required and made... I think motivation and threat capability is often forgotten to easily, which I debated with an ISO27001 lecturer recently in actual fact. The ISO feeling was that it was not a factor in risk criteria. My reply "As Willie Sutton the bank robber said when asked why he robbed banks, 'because that's where the money is'." Just to add the laws that govern these acts make no ref to intent and I think unfairly some people have fallen foul of the law for just being inquisitive shall we say. Perhaps performing a simple directory traversal attempt on a tsunami charity site for example! (one instant) When if they really had a criminal intent\goal they have skills which would not fall so easily ie TOR\cantenna\spoofs etc. An example was required and made… I think motivation and threat capability is often forgotten to easily, which I debated with an ISO27001 lecturer recently in actual fact. The ISO feeling was that it was not a factor in risk criteria. My reply “As Willie Sutton the bank robber said when asked why he robbed banks, ‘because that’s where the money is’.”

]]>