Penetration Testing mailing list archives
RE: Ps. Informing Companies about security vulnerabilities...
From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 6 Oct 2006 12:35:33 +1000
The police deciding to bring charges is not a decision as to the nature of the act. This does not make it legal or not. The police will often in Australia not touch anything with less than $1,000,000 damage or some large public exposure. This is a resource issue. This does not make it legal and there are firms who will file civil suits. Craig -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mailing lists Sent: Thursday, 5 October 2006 6:07 PM To: joe () learnsecurityonline com Cc: pen-test () securityfocus com Subject: Re: Ps. Informing Companies about security vulnerabilities... Ps. we have had contact with the police a few times after some reactive_aggressive had reported a "hackers attack" to them. but after showing the law enforcers what really happened and how with prove, they every time reached the same conclusion with something like "So, they have wasted our time by screaming Wolf!, when you guys only did your friendly neighbour duty by telling them they didn't lock their car door, and did not take anything from it" and then the police phoned the complainers with the message, please stop wasting our time, we have closed the file. slight difference with your case, is that we do not actively go out to find sites and try attacks on them, we some times notice flaws when following a path from a paying clients who ask us to look at the information sources they are using. but i think there is nothing bad about walking over a parking space and putting notes under windshield-wipers of every car that has unlocked doors. just because most people don't care about their living environment, doesn't mean that the few friendly neighbours that still have the guts to stand for doing the right thing should be persecuted by those who stand for nothing other then making a few quick bucks. so ;) keep up the good work! there are way too many servers 'leaking' privacy sensitive information, and the people who's information is leaked are the real victims, not the rich companies who are responsible for leaking it by neglect. Cheers, ------------
Has anyone else gone through a similar situation? Was the company receptive? Other companies I've contacted in the past have been quite receptive - I'm just curious if other people have gone through this as well. No need to fill the list with this, you can email me directly with
your
inputs and stories. -- Joe McCray
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016 00000008bOW ------------------------------------------------------------------------ Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: Ps. Informing Companies about security vulnerabilities... mailing lists (Oct 05)
- <Possible follow-ups>
- RE: Ps. Informing Companies about security vulnerabilities... Craig Wright (Oct 05)