Penetration Testing mailing list archives

Re: RE: Sneaking a peek on Wlan in airports


From: ebk_lists () hotmail com
Date: 17 May 2007 22:34:29 -0000

I feel that I must interject here. Even at the risk of having my email killed by the moderator. 

Here goes:

Jasper,

For the sake of argument (or non-argument) I'll just assume your actions were an accident. Things do happen and we do get busy from time to time. It may be possible for the scenario you have outlined to have happened. Ok.

So, for one thing, were your results being saved to the same file constantly? Was this the only additional password you picked up aside from the ones from the client's network? How are you to know? This may skew your results, no? What of any audit trails you may have? What if your client requests them? At the very least, you have created additional work for yourself. Secondly, why did you feel the need to post this to this mailing list from your work email? I think most people, even the most ethical and honest of us included, would have deleted the password and pretended it didn't happen (because honestly, in this day and age people would rather shoot the messenger than hear the message). But you asked the world what you should do, and in so doing, described an admittedly questionable scenario. I guess the main problem I have with your post is that you sent it from your work email, and I am quite surprised no one else has called you out on it, yet. PWC (price waterhouse coopers) has worked really hard to establish itself as one of the premier pen testing and computer auditing firms in the country, even the world. A lot of us on this list work for companies that have paid or will pay your company a tremendous amount of money to come and conduct either a pen test or an audit (or both) on our networks. Seeing things like this creates questions on what we are paying for and who we are allowing into our networks.

I guess I can just sum it up by strongly recommending that you get a hotmail account to post to this list. I admit that I am far from perfect, but I wouldn't want to embarrass my employer, either.
