Penetration Testing mailing list archives

RE: Winning Hearts and Minds


From: "Andy Cuff" <lists () securitywizardry com>
Date: Fri, 4 May 2007 20:15:01 +0100

Just to clarify, as was pointed out by another subscriber, the use of a
privileged account alongside an online service may require some precautions
to be taken or a great deal of trust ;)

Regards
Andy Cuff
Managing Director / CEO
Computer Network Defence Ltd
www.SecurityWizardry.com


-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Andy Cuff
Sent: 04 May 2007 20:01
To: pen-test () securityfocus com
Subject: Winning Hearts and Minds

Afternoon,
The discussion on USB devices on the basics list, prompted me 
to report on GFI's FREE Online USB scanner 
http://www.securitywizardry.com/endpoint.htm#freegfi

Back in the 90's I found that a quick squirt using l0phtcrack 
was a great way to win the hearts and minds of system owners 
to Information Security and open their ears.  Obviously these 
days enabling password complexity is trivial and cracking 
complex passwords pointless (mostly), therefore password 
cracking doesn't have the same effect. VA tools tend to 
switch off interest, therefore what do we do?  I saw the 
above scanner as another Hearts and Minds tool, in that it 
will show the owner what USB devices have ever been on a 
given system from Mass Storage to iPods, I'm sure it can be 
defeated however it wakes them up.

What other Hearts and Minds tools do Pen Testers use for 
grabbing attention??

Regards
Andy Cuff
Managing Director / CEO
Computer Network Defence Ltd
www.SecurityWizardry.com


--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with 
our 20/20 program!

http://www.cenzic.com/c/2020
--------------------------------------------------------------
----------







