Penetration Testing mailing list archives
Re: [PEN-TEST] finding offensive material
From: Andrew Walls <Andrew.Walls () AU COFLEXIP COM>
Date: Wed, 7 Mar 2001 01:04:20 +0100
My advice is to grab a copy of everything and then burn it onto a CD. In your penetration report mention that you encountered potentially offensive material that may or may not violate the company's policies regarding the storage/transmittal of files and that you can provide the client with a copy of these files if they so desire. The potential policy violation is unrelated to the penetration test, so the actual materials should not be included in the report. If the client wants to deal with it, they can, but they can also choose to ignore the issue. By retaining a CD of the material, you are able to provide a frozen record of the material. If you have strong feelings about this, you could have an off-the-record conversation with someone in HR, but this could affect your relationship with your primary client in the company, so take care.
-----Original Message-----
From: Penetration Testers <PEN-TEST () SECURITYFOCUS COM> at csoap-internet
Sent: Tuesday, 6 March 2001 12:04
To: PEN-TEST () SECURITYFOCUS COM at CSOAP-Internet
Subject: [PEN-TEST] finding offensive material

hello,

If during penetration testing files are found on easily accessible business shares that could be defined as either sexually or racially offensive, how should that be presented in the finding in the final report? I assume this could leave a company open to lawsuits concerning hostile work environment, sexual harassment, racial discrimination, etc., so I would feel somewhat obligated to include it in the final report.

I was hoping that someone who's had some experience with this situation could help me tiptoe through this rather politically charged and potentially embarrassing finding in the final report. I'd like to be thorough in defining the legal risks of this material to management.

Any help with this would be greatly appreciated. If there is a more appropriate place to post this question, please let me know.

TIA,
Sheila Soulia