Penetration Testing mailing list archives
Re: [PEN-TEST] Your opinions ... last request
From: Eric Lauzon <elauzon () ITEMUS COM>
Date: Wed, 1 Nov 2000 14:03:53 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I guess a lot of the questions that you have asked were answered, but
at one point, where is the responsibility of the bank toward client
misconception of security? By that I mean your application should
trust the user to the point that even if the user account could get
compromised, no one could go further; you can't be held responsible
for a break-in into one of your clients' accounts, unless the break-in
was done without logging in. Clients, aka users, should be
responsible for their own security; therefore an application supporting
clients shouldn't trust the client at 100%, so that it couldn't be
fooled and then compromise a lot more than the application itself, its
environment.
So having those types of rules around, whatever may happen could only
be reproduced to a targeted client and not to the institution
itself.
Eric Lauzon
elauzon () itemus com
Itemus Solution
tel:613.569.1888 ext:324
fax:613.569.9848
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
iQA/AwUBOgBpWKIpv/xAG6RUEQJo7QCfelGUgwLoYABys5HoBIMcOPlf7SUAoKli
rOmRtYEco7F5KPUjrYmfC6zc
=buqB
-----END PGP SIGNATURE-----
