|
Penetration Testing
mailing list archives
RE: ethics of approaching vulnerable prospective clients
From: giraffe9 () optusnet com au
Date: Wed, 13 Nov 2002 10:11:17 +1100
Example 2 is clearly not acceptable. It amounts to an intrusion and would be a
criminal offence in many countries.
Example 1 is acceptable. It is a passive vulnerability scan. It's like looking for
web servers that do not use ssl when they ought to be and then you figure those
organisations need help. An active vulnerability scan (you send traffic to the
target specifically to find vulnerabilities, traffic that would not be sent in the normal
course of business) is not, in my opinion, acceptable.
9iraffe
-----Original Message-----
From: Zach Forsyth [mailto:zach.forsyth () kiandra com]
Sent: 12 November 2002 14:38
To: pen-test () securityfocus com
Subject: ethics of approaching vulnerable prospective clients
Been lurking for quite some time now but thought I might pose a question
to everyone on the list.
I just wanted to see what everyone's opinions were on means of
approaching vulnerable prospective clients.
Of interest especially are clients with wireless networks.
.... etc
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
|
Intro
