Penetration Testing mailing list archives
Fwd: They will protect me (won't they?)
From: Dotzero <dotzero () gmail com>
Date: Wed, 11 Feb 2009 18:34:25 -0500
apologies, meant to send this to the list as well. ---------- Forwarded message ---------- From: Dotzero <dotzero () gmail com> Date: Wed, Feb 11, 2009 at 6:33 PM Subject: Re: They will protect me (won't they?) To: Michael Condon <admin () singulartechnologysolutions com> On Wed, Feb 11, 2009 at 5:14 PM, Michael Condon <admin () singulartechnologysolutions com> wrote:
Doesn't surprise me too much. Remember the case a few months ago where a couple of guys were convicted for hijacking free VOIP? They started by trolling routers with the router admin backdoor account still at factory default. In my own experience, for one example, I was testing one of my own apps for W3C compliance, SQL Injection vulnerabilities and XSS. On one pass, my code was squeaky clean, but GrendelScan was able to clone the backup directory (that the hosting company maintains). I told them, and they said it was up to me to set permissions on the dir with my own .htaccess file, and they do not assist in "user scripting issues". Yes, for a backup directory that they created and maintain and populate with data using their own backup software. Not a small hosting company either.
So here's my question. Do they address this in documentation that is available to their customer? If it is documented clearly that's one thing. If it's not, that's another.
Current thread:
- They will protect me (won't they?) Adriel T. Desautels (Feb 10)
- Re: They will protect me (won't they?) Jamie Riden (Feb 11)
- Re: They will protect me (won't they?) Adriel T. Desautels (Feb 11)
- Re: They will protect me (won't they?) Jamie Riden (Feb 11)
- Re: They will protect me (won't they?) Adriel T. Desautels (Feb 11)
- Re: They will protect me (won't they?) Sat Jagat Singh (Feb 11)
- Re: They will protect me (won't they?) Adriel T. Desautels (Feb 11)
- Re: They will protect me (won't they?) Jamie Riden (Feb 11)
- Re: They will protect me (won't they?) Adriel T. Desautels (Feb 11)
- Re: They will protect me (won't they?) Dotzero (Feb 11)
- Re: They will protect me (won't they?) Adriel T. Desautels (Feb 11)
- Message not available
- Message not available
- Fwd: They will protect me (won't they?) Dotzero (Feb 11)