Security Basics mailing list archives
Re: Opinions on vulnerability scanning practice?
From: "Irwan Ismail" <irwan.ismail () gmail com>
Date: Fri, 4 Aug 2006 17:03:55 +0800
I totally agree with you. No matter what requirements they have, it's a basic and common practice to obtain permission prior to running any scans. Otherwise, you have every right to file a lawsuit!

On 2 Aug 2006 22:20:06 -0000, rgutter () gmail com <rgutter () gmail com> wrote:

I'd like to get a community opinion on this.

We're a union that provides free web hosting to a number of related non-profit organizations. Some of them have gone to a third-party provider for e-commerce functionality, and obviously want to link to that provider from their sites on our server.

Wanting to set up merchant accounts for these organizations, that provider's e-commerce service (Beanstream) had a risk management firm run a vulnerability scan on our server, stating that Visa requires AIS end-to-end compliance within the Visa payment system.

Now, I recognize the desire to prevent pharming and similar attacks that could occur were my system to be compromised, but my first response was: "Who the ^*$$* do you think you are to run a scan on my system without permission?"

What's the deal here? Am I out of line? Is this normal practice?

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Current thread:
- Opinions on vulnerability scanning practice? rgutter (Aug 03)
- RE: Opinions on vulnerability scanning practice? David Gillett (Aug 04)
- Re: Opinions on vulnerability scanning practice? Mitch Pope (Aug 04)
- Re: Opinions on vulnerability scanning practice? Ansgar -59cobalt- Wiechers (Aug 05)
- Re: Opinions on vulnerability scanning practice? Eric Furman (Aug 05)
- Re: Opinions on vulnerability scanning practice? Irwan Ismail (Aug 04)
- <Possible follow-ups>
- RE: Opinions on vulnerability scanning practice? Jeffrey Wei (Aug 04)
- Re: Opinions on vulnerability scanning practice? krymson (Aug 04)
- RE: Opinions on vulnerability scanning practice? Krpata, Tyler (Aug 04)
- Re: Opinions on vulnerability scanning practice? knox . justin (Aug 04)
- Re: Opinions on vulnerability scanning practice? benjaminz (Aug 04)
- Re: Opinions on vulnerability scanning practice? gazwj (Aug 04)
- Re: Opinions on vulnerability scanning practice? simonis (Aug 04)