Penetration Testing mailing list archives
Re: [PEN-TEST] PBX Security
From: "Mark L. Jackson" <sincity_mark () INAME COM>
Date: Thu, 5 Oct 2000 00:56:38 -0700
<quote> It's unfair to use a known back-door when pen-testing. The back-door on Norstar is pretty hard to stumble across, but it is nice to know the default passcodes, and test for things like that. Good luck! </quote>
I am sure everyone out there wanting to break into a system will play fair! If it is open and I know about it, someone with less-than-honorable intentions does also, and they would not hesitate to use it. I will use it. Does not mean that the testing should stop there.
If it is known (heck, or even if you are the only one who knows it), why is it unfair? If you were able to find it, via social engineering, why can't a hacker? The way I look at it, if a back-door has a hard coded (or unchanged default) method for allowing access, then it is a security hole. Isn't that what a Pen-Test is supposed to uncover?
Some people I have run into think that Pen-testing is about finding new and innovative ways to break in. I disagree. Pen-Testing is about finding holes, PERIOD. My opinion is that if you do not use what is known to you (and others) you are not doing your job. Besides, how do you know it will work until you try it? Is that not the idea of Pen-testing, finding ALL weaknesses you can?
Mark