Penetration Testing mailing list archives
Re: Pre-Scanning for Marketing
From: Pete Herzog <lists () isecom org>
Date: Thu, 12 Jan 2006 00:50:50 +0100
Hi,
Just for a moment, consider the scenario that you were going through the neighborhood seeing if windows are unlocked. If they are, you open them or even just knock on the front door and tell them you see the window is open and you can fix that for security reasons.
If that scenario doesn't strike you as so over-security-conscious that it's idiotic, then you should know it is indeed a Sponge Bob episode (yes I have kids who watch TV sometimes).
Now let's look at this again and ask yourself, who are you to assure a neighborhood business, person, etc. is breaking your security rules (knowing best practice is not best for all)? You can argue they're not aware. Well, it's not your place. Are they hurting you? Are they hurting others? You can argue, "not yet but statistically" and I'll show you a teenage boy with a fast car who, if he doesn't kill someone someday, will probably cause a decent share of road rage (statistically). But it's not illegal yet until the damage is done.
I know it's frustrating to see bad or no security but they may have a reason for it. And if they don't have a reason, so what, unless it's harming someone else or has the potential to do GREAT harm (like discovering they allow cell phones near drug dispensing devices in the hospital). In that case, try to go through proper channels and then maybe even alert the proper authorities. Be a watchdog and not a vigilante. It's better for business too.
Sincerely,
-pete.
www.osstmm.org - www.isestorm.org - www.isecom.org
Rapaille Maxime wrote:
> Hi,
> During some site survey or wireless audit, I have found some companies (other than the current customer) having badly protected Wifi networks. And a lot of non protected at all, advertising the name of the company or the university as SSID.
> I have found myself in the same dilemma: contact or not contact them? I tried once, and got a 'very' negative reaction.. Never did it again.
> But yes, it's very frustrating to see all those companies need our services, and you can't help.
> Perhaps, for example, if it's very critical for your country (some gov institution or the like) you could try to contact a kind of computer Crime unit (like we have in Belgium) and explain the situation to them.. If they understand what you are speaking about they would probably react, but they won't be able to give your company's name as a reference..
> Frustrating dilemma...
> Regards
> Max