Penetration Testing mailing list archives
RE: Pre-Scanning for Marketing
From: "Ken Kousky" <kkousky () ip3inc com>
Date: Mon, 16 Jan 2006 12:22:17 -0500
I don't recall the company's name but there is folklore about a company in San Diego that did this on a military site and ended up with criminal charges filed against them. It's hard to imagine you can make a credible case for how serious the vulnerabilities might be without crossing the line and actually being invasive. I, for one, wouldn't want a client that was impressed by this kind of marketing. KWK -----Original Message----- From: Kurt Seifried [mailto:bt () seifried org] Sent: Saturday, January 14, 2006 1:57 AM To: Nathan Einwechter; 'Password Crackers, Inc.'; pen-test () securityfocus com Subject: Re: Pre-Scanning for Marketing
I am interested if anyone on the list has ever tested or implemented a marketing program that involved pre-scanning (wired or wireless) a prospect and then sending a letter or email describing potential vulnerabilities and offering assistance in closing these vulnerabilities. I have never done this because of the anticipated negative reaction, but I am curious as to what the outcome was if anyone else has done it. Single instances would be interesting, but I am more curious if anyone has implemented this in a more broad-based way and has positive and/or negative response rate statistics. Bob Weiss Password Crackers, Inc.
I believe there is a term for this form of "marketing".. what's the term... Oh yes: "Protection racket" A protection racket is an extortion scheme whereby a powerful organization coerces individuals or businesses to pay "protection money" which allegedly serves to purchase the powerful organization's protection services against various external threats, whereas the actual threat comes from the powerful organization itself. Those who do not buy into the protection plan are targeted by the powerful organization and are harassed to try to force payment of the protection money. Honestly if someone sent me such a letter my first reaction would be to call corporate counsel which would probably be followed by a call to law enforcement. -Kurt ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Pre-Scanning for Marketing Password Crackers, Inc. (Jan 10)
- RE: Pre-Scanning for Marketing Chris Serafin (Jan 10)
- RE: Pre-Scanning for Marketing Ebeling, Jr., Herman Frederick (Jan 11)
- Re: Pre-Scanning for Marketing Steve Friedl (Jan 11)
- Re: Pre-Scanning for Marketing alan (Jan 11)
- RE: Pre-Scanning for Marketing Nathan Einwechter (Jan 13)
- Re: Pre-Scanning for Marketing Kurt Seifried (Jan 15)
- RE: Pre-Scanning for Marketing Ken Kousky (Jan 17)
- Re: Pre-Scanning for Marketing Kurt Seifried (Jan 15)
- Re: Pre-Scanning for Marketing Kevin Johnson (Jan 14)
- <Possible follow-ups>
- RE: Pre-Scanning for Marketing Shenk, Jerry A (Jan 10)
- RE: Pre-Scanning for Marketing Ed Hudson (Jan 10)
- RE: Pre-Scanning for Marketing Stonewall (Jan 11)
- RE: Pre-Scanning for Marketing Password Crackers, Inc. (Jan 10)
- RE: Pre-Scanning for Marketing Wray, Donald W (Jan 11)
- RE: Pre-Scanning for Marketing David Ball (Jan 11)
- Re: Pre-Scanning for Marketing Robin Wood (Jan 11)
- RE: Pre-Scanning for Marketing Rapaille Maxime (Jan 11)
- Re: Pre-Scanning for Marketing Pete Herzog (Jan 11)
(Thread continues...)
- RE: Pre-Scanning for Marketing Chris Serafin (Jan 10)