Security Basics mailing list archives

Re: Opinions on vulnerability scanning practice?


From: "Irwan Ismail" <irwan.ismail () gmail com>
Date: Fri, 4 Aug 2006 17:03:55 +0800

I totally agree with you. No matter what requirements they have, it's
a basic and common practice to obtain permission prior to running any
scans. Otherwise, you have every right to file a lawsuit!


On 2 Aug 2006 22:20:06 -0000, rgutter () gmail com <rgutter () gmail com> wrote:
I'd like to get a community opinion on this. We're a union that provides free web hosting to a number of related 
non-profit organizations. Some of them have gone to a third-party provider for e-commerce functionality, and obviously want to 
link to that provider from their sites on our server.


Wanting to set up merchant accounts for these organizations, that provider's e-commerce service (Beanstream) had a risk 
management firm run a vulnerability scan on our server, stating that Visa requires AIS end-to-end compliance within the Visa 
payment system.


Now, I recognize the desire to prevent pharming and similar attacks that could occur were my system to be compromised, but my 
first response was: "Who the ^*$$* do you think you are to run a scan on my system without permission?"


What's the deal here? Am I out of line? Is this normal practice?

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


