Penetration Testing mailing list archives
Re: [PEN-TEST] Ethics Scenario
From: Steve <Steve () SECURESOLUTIONS ORG>
Date: Mon, 2 Oct 2000 13:58:59 -0600
> B) Our team finds a vulnerability/hole on a website just by poking around / using the site.
Poking around maybe, but most of the time you will not just run into a hole by using the web site for what it is intended.
> The question is this: Do we tell the website company who we are and that we have discovered a
I would inform them definitely. No need to provide detailed fix information but at least inform them of how you "fell" into the hole/vuln.
> vulnerability and then offer to provide them assistance with the vulnerability (for pay of course). i.e. offering them a full pen-test or an IDS or something...?
I wouldn't. But I would attach my company and contact info on the email. Leave it up to the company to come to you; otherwise you never know what they might try accusing you of.
> Or does this tend to fall into the "chasing ambulances" type of business marketing strategy?
I think it does. It's like alarm companies breaking into houses and leaving their business card behind. In fact, I have recently heard rumors (rumors, so don't ask me to publicly name the company) of a company using their own staff to hack, crack, and deface sites then have their sales drones do a cold call on the company a few days later. In my opinion, this is very unethical and to be honest, if I ever find some real proof that this certain company is actually doing this, I will report it publicly, lawsuit or not.