Penetration Testing mailing list archives
RE: ethics of approaching vulnerable prospective clients
From: giraffe9 () optusnet com au
Date: Wed, 13 Nov 2002 10:11:17 +1100
Example 2 is clearly not acceptable. It amounts to an intrusion and would be a criminal offence in many countries.

Example 1 is acceptable. It is a passive vulnerability scan. It's like looking for web servers that do not use ssl when they ought to be and then you figure those organisations need help.

An active vulnerability scan (you send traffic to the target specifically to find vulnerabilities, traffic that would not be sent in the normal course of business) is not, in my opinion, acceptable.

9iraffe

-----Original Message-----
From: Zach Forsyth [mailto:zach.forsyth () kiandra com]
Sent: 12 November 2002 14:38
To: pen-test () securityfocus com
Subject: ethics of approaching vulnerable prospective clients

Been lurking for quite some time now but thought I might pose a question to everyone on the list. I just wanted to see what everyone's opinions were on means of approaching vulnerable prospective clients. Of interest especially are clients with wireless networks.

.... etc