('binary' encoding is not supported, stored as-is)
Example 2 is clearly not acceptable. It amounts to an intrusion and would be a
criminal offence in many countries.
Example 1 is acceptable. It is a passive vulnerability scan. It's like looking for
web servers that do not use ssl when they ought to be and then you figure those
organisations need help. An active vulnerability scan (you send traffic to the
target specifically to find vulnerabilities, traffic that would not be sent in the normal
course of business) is not, in my opinion, acceptable.
9iraffe
-----Original Message-----
From: Zach Forsyth [mailto:zach.forsyth_at_kiandra.com]
Sent: 12 November 2002 14:38
To: pen-test_at_securityfocus.com
Subject: ethics of approaching vulnerable prospective clients
Been lurking for quite some time now but thought I might pose a question
to everyone on the list.
I just wanted to see what everyone's opinions were on means of
approaching vulnerable prospective clients.
Of interest especially are clients with wireless networks.
.... etc
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Nov 13 2002
Intro
