Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Your opinions ... last request
From: Eric Lauzon <elauzon () ITEMUS COM>
Date: Wed, 1 Nov 2000 14:03:53 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

        I guess alot of the questions that u have asked where answered, but
at one point where is the responsability of the bank toward client
         misconception of security,by that i mean your application should
trust the user to the point that even if the user account could get
         compromised, no one could go further, u can't be holded responsible
for a breakin into one of your client account. Unless the breaking
what done        whitout logging in. Client aka users should be
responsible for their own security treford application supporting
clients shouldnt trust at 100%   the client so that it couldn't be
fooled and then compromise alot more than the application it self its
environement.

        So having those type of rules arround whatever may happen could only
be reproduced to a targeted client and not to the institution it
self.

Eric Lauzon
elauzon () itemus com
Itemus Solution
tel:613.569.1888 ext:324
fax:613.569.9848


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOgBpWKIpv/xAG6RUEQJo7QCfelGUgwLoYABys5HoBIMcOPlf7SUAoKli
rOmRtYEco7F5KPUjrYmfC6zc
=buqB
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]