Penetration Testing mailing list archives

Re: [PEN-TEST] PBX Security


From: "Loschiavo, Dave" <DLoschiavo () FRCC CC CA US>
Date: Wed, 4 Oct 2000 09:19:15 -0700

<quote> It's unfair to use a known back-door when pen-testing.  The
back-door on Norstar is pretty hard to stumble across, but it is nice to
know the default passcodes, and test for things like that.  Good luck!
</quote>

If it is known (heck, or even if you are the only one who knows it), why is
it unfair? If you were able to find it, via social engineering, why can't a
hacker? The way I look at it, if a back-door has a hard-coded (or unchanged
default) method for allowing access, then it is a security hole. Isn't that
what a Pen-Test is supposed to uncover?

Thoughts? Comments?

