Penetration Testing mailing list archives
Re: Pentester convicted thread
From: Erin Carroll <amoeba () amoebazone com>
Date: Fri, 12 May 2006 14:58:46 -0400 (EDT)
Anna,

With all due respect, you are incorrect in what you are inferring. There are other lists available which cover the moral, legal, and ethical aspects of security research and activities. As another member pointed out, dcstuff at attrition.org or other mailing lists are more appropriate venues for that type of discussion. The SecurityFocus pen-test list focus is on the technical aspects of pen-testing: new tools, methodologies for testing, and tool usage discussions etc. As moderator it is my job to keep the posts in line with that focus and keep my personal bias and opinions out of it.

While I personally find the discussion of the 'pentester convicted' thread very interesting, the pen-test list is not my personal little kingdom to play god with. I'm beholden to the members and contributors to keep the list focused on the subjects that they signed up for. I am not paid for moderation, this is a volunteer effort. I am always available for input or suggestions and have attempted to maintain a fairly open and transparent modus operandi when it comes to the list and its moderation... which is why I approved your post below as there may be list members who share your concerns and I wanted to address them publicly. If anyone else has questions or concerns, please don't hesitate to contact me.

Despite your cynicism, I would very much appreciate being informed of what issues with the list you are referring to. I don't control the list server or its implementations. I don't log in to the server or SecurityFocus boxes to do moderation, it's a remote mod function of the mailing list program. If there is a security issue with it I'm sure that SecurityFocus would like to know. That being said, there may well be technical or operational reasons why the flaw exists which would preclude fixing them but I have no insight into that.

-Erin

On Fri, 12 May 2006, joris wrote:
The good old, Never bite the hand that is feeding you, reaction.

Then I must assume that you also don't want to know about a flaw in the mailing-list system.. just like your sponsor didn't want to know about theirs.

Night night, don't let the bed bug byte too much.

*Anna.

On Thu, 11 May 2006 16:41:58 -0400 (EDT) Erin Carroll <amoeba () amoebazone com> wrote:

List members,

While the 'pentester convicted' thread has generated a *lot* of response and interesting discussion, don't be surprised if I reject posts on it going forward. This is not a blanket rejection of all future posts on the thread as I do think that some of the discussion is relevant and within the list charter. However, at the same time I can't let it devolve into ethical or morality debates, legal verbiage, and flamefests.

If your post on this thread is rejected it's not personal, I just didn't see the immediate relevance to the focus of the pen-test list. If you wish to discuss the methodology used and the pros/cons surrounding how it all went down that's fine and dandy :)

Please be aware of the pen-test list charter which can be found at http://www.securityfocus.com/archive/101/description. Though I have been the list moderator for a little over a year now, pen-test is still owned by Al Huger and the fine folks at SecurityFocus.

If you have any questions, comments, concerns, or flames feel free to email me directly.

--
Erin Carroll
Moderator, SecurityFocus pen-test list

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------