Penetration Testing mailing list archives
Re: [PEN-TEST] PBX Security
From: "Loschiavo, Dave" <DLoschiavo () FRCC CC CA US>
Date: Wed, 4 Oct 2000 09:19:15 -0700
<quote> It's unfair to use a known back-door when pen-testing. The back-door on Norstar is pretty hard to stumble across, but it is nice to know the default passcodes, and test for things like that. Good luck! </quote> If it is known (heck, or even if you are the only one who knows it), why is it unfair? If you were able to find it, via social engineering, why can't a hacker. The way I look at, if a back-door has a hard coded (or unchanged default) method for allowing access, then it is a security hole. Isn't that what a Pen-Test is supposed to uncover? Thoughts? Comments?
Current thread:
- [PEN-TEST] PBX Security Joe Traietta (Oct 04)
- Re: [PEN-TEST] PBX Security David Spinks (Oct 04)
- Re: [PEN-TEST] PBX Security Frasnelli, Dan (Oct 04)
- Re: [PEN-TEST] PBX Security Talisker (Oct 04)
- <Possible follow-ups>
- Re: [PEN-TEST] PBX Security PRAYAGSING MUKESH (Oct 04)
- Re: [PEN-TEST] PBX Security Dunker, Noah (Oct 04)
- Re: [PEN-TEST] PBX Security David Alexander (Oct 04)
- Re: [PEN-TEST] PBX Security Gallicchio, Florindo (2282) (Oct 04)
- Re: [PEN-TEST] PBX Security Loschiavo, Dave (Oct 04)
- Re: [PEN-TEST] PBX Security Mark L. Jackson (Oct 05)
- Re: [PEN-TEST] PBX Security Curphey, Mark (ISS Atlanta) (Oct 04)
- Re: [PEN-TEST] PBX Security Fricke, Gregory D. (Oct 04)
- Re: [PEN-TEST] PBX Security Ben Grubin (Oct 04)
- Re: [PEN-TEST] PBX Security Dunker, Noah (Oct 04)
- Re: [PEN-TEST] PBX Security Davidson,Sam (Oct 04)
- Re: [PEN-TEST] PBX Security Alex Balayan (Oct 04)