Penetration Testing mailing list archives
Re: [PEN-TEST] Ethics Scenario
From: "Tonick, Mike" <Mike.Tonick () PS NET>
Date: Mon, 2 Oct 2000 16:15:05 -0500
Christopher,

I don't think it's wrong - I know it's wrong. First of all, I would question the practice of "poking around" on someone's web site where you don't have legal liability waivers in place to protect you and the assets of your company.

If you found the problem innocently, then offer to fix it for free. That would be much more honorable, in my opinion, than saying I'll fix it - if you pay me. I believe that approach borders on extortion and/or blackmail.

Michael D. Tonick, CISSP
Senior Security Consultant
Perot Systems
Dallas, Texas

-----Original Message-----
From: Christopher M. Bergeron [mailto:ChrisB () HGSS COM]
Sent: Monday, October 02, 2000 12:44 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Ethics Scenario

Here's a scenario that I'd like to get people's input on:

A) Our company does pen-tests, security auditing etc...
B) Our team finds a vulnerability/hole on a website just by poking around / using the site.

The question is this: Do we tell the website company who we are and that we have discovered a vulnerability and then offer to provide them assistance with the vulnerability (for pay of course). i.e. offering them a full pen-test or an IDS or something...? Or does this tend to fall into the "chasing ambulances" type of business marketing strategy?