Penetration Testing mailing list archives
Re: [PEN-TEST] Your opinions ... last request
From: Eric Lauzon <elauzon () ITEMUS COM>
Date: Wed, 1 Nov 2000 14:03:53 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I guess a lot of the questions that you have asked were answered, but at one point, where is the responsibility of the bank toward client misconceptions of security? By that I mean your application should trust the user to the point that even if the user account could get compromised, no one could go further; you can't be held responsible for a break-in into one of your client accounts. Unless the break-in was done without logging in.

Clients, aka users, should be responsible for their own security; therefore an application supporting clients shouldn't trust the client at 100%, so that it couldn't be fooled and then compromise a lot more than the application itself: its environment.

So, having those types of rules around, whatever may happen could only be reproduced to a targeted client and not to the institution itself.

Eric Lauzon
elauzon () itemus com
Itemus Solution
tel:613.569.1888 ext:324
fax:613.569.9848

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOgBpWKIpv/xAG6RUEQJo7QCfelGUgwLoYABys5HoBIMcOPlf7SUAoKli
rOmRtYEco7F5KPUjrYmfC6zc
=buqB
-----END PGP SIGNATURE-----