Dailydave mailing list archives

Re: Pentesters giving away Client information


From: "wirepair" <wirepair () roguemail net>
Date: Tue, 04 May 2004 13:10:36 -0700

That's just irresponsible. I can't even imagine ever considering doing such a thing.
I mean, come on heh. I'm very reluctant to say anything about a client network even
when I'm doing a pen-test (if I have a specific question). I have asked questions in the
past but definitely in no way ever connected to the client network at the time. That's
a good one.

On Tue, 4 May 2004 19:58:26 +0100
 "Nexus" <nexus () patrol i-way co uk> wrote:
Hi folks,
   Taking a slant on the "pentesters getting owned" thread, how about the
information that people sometimes give away, especially on public mailing
lists ?

One Example : The Security Focus lists used to be excellent for this before
their list software started mangling the headers as you would get webmail
based posts along the lines of the common "doing a pen test for a client.."
and a quick check of the header gives you the originating IP, quick whois
and you know who the client is as they sent it from the client network....
</bless>
OK, I have a fetish for email headers as you can probably tell by mine (;-)
but does anyone else examine posts on a regular basis ?

Any other war stories^H^H^H^H^H^H^H^H^Hfave examples ?

Cheers.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

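
The header leak described in the thread can be checked for on your own mail before posting to a public list. The following is an added example, not part of the original posts: it scans a delivered copy of a message (for instance one sent to yourself first) for `Received` and `X-Originating-IP` addresses that fall inside an engagement's client ranges. The function name, sample message, hostnames and client range are all constructed for illustration.

```python
import email
import ipaddress
import re

# Headers where mail systems commonly record the submitting host's address.
# X-Originating-IP is a non-standard header added by some webmail services.
LEAKY_HEADERS = ("Received", "X-Originating-IP")
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_client_ip_leaks(raw_message, client_networks):
    """Return (header, ip, network) for each header IP inside a client range."""
    nets = [ipaddress.ip_network(n) for n in client_networks]
    msg = email.message_from_string(raw_message)
    leaks = []
    for name in LEAKY_HEADERS:
        for value in msg.get_all(name, []):
            for candidate in IPV4_RE.findall(str(value)):
                try:
                    ip = ipaddress.ip_address(candidate)
                except ValueError:  # dotted number that is not a valid IPv4
                    continue
                for net in nets:
                    if ip in net:
                        leaks.append((name, str(ip), str(net)))
    return leaks


# Constructed sample: a webmail post as delivered to the sender's own mailbox.
# All addresses are RFC 5737 documentation ranges; hostnames are made up.
SAMPLE = """\
Received: from mx.list.example (mx.list.example [198.51.100.7])
\tby inbox.example with ESMTP; Tue, 04 May 2004 12:00:05 -0700
Received: from webmail.example (HELO webmail.example) (203.0.113.25)
\tby mx.list.example with SMTP; Tue, 04 May 2004 12:00:01 -0700
X-Originating-IP: [192.0.2.44]
From: tester@webmail.example
To: list@list.example
Subject: question about a pen test

Doing a pen test for a client and ran into an odd service...
"""

# Assumed engagement scope: the client's public range for this job.
CLIENT_NETWORKS = ["192.0.2.0/24"]

if __name__ == "__main__":
    for header, ip, net in find_client_ip_leaks(SAMPLE, CLIENT_NETWORKS):
        print(f"LEAK: {header} exposes {ip} (client range {net})")
```
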

