


Penetration Testing: Re: [PEN-TEST] finding offensive material

From: Alexander Sarras (SEA) <Alexander.Sarras_at_SEA.ERICSSON.SE>
Date: Wed, 7 Mar 2001 08:37:43 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Sheila [mailto:soulia_at_HOME.COM]
> Sent: Tuesday, 06 March, 2001 9:05 PM
> To: PEN-TEST_at_SECURITYFOCUS.COM
> Subject: [PEN-TEST] finding offensive material
>
>
> hello,
> If during penetration testing files are found on easily accessible
> business shares that could be defined as either sexually or racially
> offensive, how should that be presented in the finding in the final
> report? I assume this could leave a company open to lawsuits
> concerning hostile work environment, sexual harassment, racial
> discrimination, etc., so I would feel somewhat obligated to include
> it in the final report.

If it's not illegal content you dig up, I'd say ignore it. Unless being
a moral guardian is part of your contract, or the policy there clearly
forbids such content or private use at all and it's your job to check
that too.
What you could do is inform the owners of those shares to tighten them
up or, better still, to move that content. This should throw a slight
scare at them (especially if you also include your concerns about
lawsuits).

You might inform the management of the fact that business shares exist
which do not contain business but private data. Anything more would be
up to them.

Not living in the US (where a colleague of mine was once informed
that a piece of ASCII-art in an email he _received_ was sexual
harassment) I might have a different attitude towards some contents. As
long as it's not illegal I might leave it alone (even racist jokes et
al., but I'd mark those bastards in my own little black book ;->)

Regards (and be careful)
SaS
- --
Dr. Alexander Sarras
Ericsson Austria | Phone: +43 1 811 00 4668
Pottendorferstr. 25
A-1121 Wien
Austria

- ----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GS>AT dpu++ s++:+ a>+++$ C++ UB*++++ P++ L+ !E W++(-) N++ K--- w--- O++
M-
V+ !PS PE Y+ PGP+++ t++ 5-- X- R+>++ b++++ DI++ D--- G+>+++ e++++ h----
r+++ y++++
- -----END GEEK CODE BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1 Int.
Comment: Paranoiacs live long and prosper!

iQA/AwUBOqXXJPNEKPH/spuMEQIRUgCfUgjIrGQHZ8+fKpsoQP2JzoMooAAAn15G
0s9Gsg96jWYG1JHTUtkE/ifF
=ZiXa
-----END PGP SIGNATURE-----
Received on Mar 07 2001
