Re: Location Location Location

["Kristian Erik Hermansen" <kristian.hermansen () gmail com>]

Thanks for all the info.  I will heed your advice.  However, I can't
play uplink because it doesn't run on Linux :-(  Maybe if a linux
hacker games comes out...or you can recommend a challenging online
root war...


On 10/28/07, Paul Melson <pmelson () gmail com> wrote:
> On 10/27/07, Kristian Erik Hermansen <kristian.hermansen () gmail com> wrote:
> > So now what is a pen tester to do?  There are some boxes hanging
> > around out there on the net pwned, but you don't want to say anything
> > because they weren't yours to hack in the first place!??!  What is the
> > proper etiquette here?  If you inform the party, maybe they will want
> > to sue you for damages.  On the other hand, they are vulnerable.  Who
> > has been in this situation before?
>
> Everybody that's been doing over-the-net pen testing for any amount of
> time, that's who.  It depends on the situation as to how best to
> handle it, but the ethical thing is to suck it up, try and make
> contact with the unintended target, and hope that they will be
> reasonable.  (That's assuming that they haven't already noticed and
> contacted you first.)  At that point, you are at the very least
> obligated to assist them in understanding and mitigating the
> vulnerabilities you've found on their end.  For free.  Under a
> confidentiality agreement.
>
>
> > Is uplink really that cool?!!??  I tried it once, but I thought it was
> > pretty lame.  Maybe I didn't give it enough time to enjoy the plot...
>
> Hacker games are about as cool and accurate as hacker movies.  But if
> you *like* Uplink, then Hacker Evolution will also amuse you:
>
> http://www.exosyphenstudios.com/page_hacker-evolution.html
>
>
> PaulM


-- 
Kristian Erik Hermansen
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave