Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Pentester convicted thread
From: Erin Carroll <amoeba () amoebazone com>
Date: Fri, 12 May 2006 14:58:46 -0400 (EDT)


Anna, 

With all due respect, you are incorrect in what you are inferring. There
are other lists available which cover the moral, legal, and ethical
aspects of security research and activities. As another member pointed
out, dcstuff at attrition.org or other mailing lists are more appropriate 
venues for that type of discussion. The SecurityFocus pen-test list focus 
is on the technical aspects of pen-testing: new tools, methodologies for 
testing, and tool usage discussions etc. 

As moderator it is my job to keep the posts inline with that focus and
keep my personal bias and opinions out of it. While I personally find the
discussion of the 'pentester convicted' thread very interesting, the
pen-test list is not my personal little kingdom to play god with.  I'm
beholden to the members and contributors to keep the list focused on the
subjects that they signed up for. I am not paid for moderation, this is a 
volunteer effort.

I am always available for input or suggestions and have attempted to
maintain a fairly open and transparent modus operandi when it comes to the
list and its moderation... which is why I approved your post below as
there may be list members who share your concerns and I wanted to address
them publicly. If anyone else has questions or concerns, please don't
hesitate to contact me.

Despite your cynicism, I would very much appreciate being informed of what
issues with the list you are referring to. I don't control the list server
or it's implementations. I don't login to the server or SecurityFocus
boxes to do moderation, it's a remote mod function of the mailist program.
If there is a security issue with it I'm sure that SecurityFocus would
like to know. That being said, there may well be technical or operational
reasons why the flaw exists which would preclude fixing them but I have no
insight into that.


-Erin


On Fri, 12 May 2006, joris wrote:

the good old, Never bite the hand that is feeding you, reaction.

then i must assume that you also don't want to know about a flaw in the mailing-list system..
just like your sponsor didnt want to know about theirs.

Night night, dont let the bed bug byte too much.
*Anna.


On Thu, 11 May 2006 16:41:58 -0400 (EDT)
Erin Carroll <amoeba () amoebazone com> wrote:

List members,

While the 'pentester convicted' thread has generated a *lot* of response
and interesting discussion, don't be surprised if I reject posts on it
going forward. This is not a blanket rejection of all future posts on the
thread as I do think that some of the discussion is relevant and within
the list charter. However, at the same time I can't let it devolve into
ethical or morality debates, legal verbiage, and flamefests. If your post
on this thread is rejected it's not personal, I just didn't see the
immediate relevance to the focus of the pen-test list.

If you wish to discuss the methodology used and the pros/cons surrounding 
how it all went down that's fine and dandy :)

Please be aware of the pen-test list charter which can be found at
http://www.securityfocus.com/archive/101/description. Though I have been
the list moderator for a little over a year now, pen-test is still owned
by Al Huger and the fine folks at SecurityFocus. 

If you have any questions, comments, concerns, or flames feel free to 
email me directly.


--
Erin Carroll
Moderator, SecurityFocus pen-test list


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]