Penetration Testing mailing list archives
what to do it illegal activity found during pen-test
From: "Robin Wood" <dninja () gmail com>
Date: Fri, 2 Jun 2006 09:50:39 +0100
Hi I was wondering the other day, what should I do if during a pen test I found some illegal activity (internal, not from hackers) on the network being tested. My initial thought was report it to the police and let them sort it out but then thought I suppose that depends on the activity taking place. One one hand you could find a ftp site with a couple of movies on, the other you could find a website full of child porn. The first may just need a mention to the company IT staff, the second would definitely warrant police attention. Talking to someone they suggested the case where a web cam was being used to watch women's toilets. Should that be reported to the company first to stop the activity, then to the police, or could reporting it to the company give the perpetrator time to clean up their activities. All this is just idle questions at the moment but I'm curious to see if anyone has come across this kind of situation and how did they dealt with it. As I'm in the UK I'm particularly interested in any UK stories. Robin ------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- what to do it illegal activity found during pen-test Robin Wood (Jun 02)
- Re: what to do it illegal activity found during pen-test Dotzero (Jun 02)
- RE: what to do it illegal activity found during pen-test Andy Meyers (Jun 02)
- RE: what to do it illegal activity found during pen-test Ali-Reza Anghaie (Jun 03)
- Re: what to do it illegal activity found during pen-test Robin Wood (Jun 04)
- RE: what to do it illegal activity found during pen-test Ebeling, Jr., Herman Frederick (Jun 07)
- RE: what to do it illegal activity found during pen-test Andy Meyers (Jun 02)
- Re: what to do it illegal activity found during pen-test Paul Robertson (Jun 08)
- RE: what to do it illegal activity found during pen-test Campbell Murray (Jun 09)
- Re: what to do it illegal activity found during pen-test Robin Wood (Jun 10)
- Re: what to do it illegal activity found during pen-test Paul Robertson (Jun 14)
- RE: what to do it illegal activity found during pen-test Campbell Murray (Jun 09)
- <Possible follow-ups>
- RE: what to do it illegal activity found during pen-test Michael Scheidell (Jun 02)
(Thread continues...)
- Re: what to do it illegal activity found during pen-test Dotzero (Jun 02)