Dailydave mailing list archives

Pentesters giving away Client information


From: "Nexus" <nexus () patrol i-way co uk>
Date: Tue, 4 May 2004 19:58:26 +0100

Hi folks,
    Taking a slant on the "pentesters getting owned" thread, how about the
information that people sometimes give away, especially on public mailing
lists ?

One Example : The Security Focus lists used to be excellent for this before
their list software started mangling the headers as you would get webmail
based posts along the lines of the common "doing a pen test for a client.."
and a quick check of the header gives you the originating IP, quick whois
and you know who the client is as they sent it from the client network....
</bless>
OK, I have a fetish for email headers as you can probably tell by mine (;-)
but does anyone else examine posts on a regular basis ?

Any other war stories^H^H^H^H^H^H^H^H^Hfave examples ?

Cheers.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
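The header check described in the post, turned around as a self-audit to run on a copy of your own message before it goes to a public list. This is an added example, not part of the original post. The sample message, its addresses and the `relay_ips` allow-list are constructed assumptions, and the whois lookup is left out so the block runs offline.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; addresses are RFC 5737 documentation ranges.
SAMPLE = """\
Received: from webmail.example.net (webmail.example.net [198.51.100.7])
\tby lists.example.org with ESMTP; Tue, 4 May 2004 19:58:26 +0100
Received: from [203.0.113.45] by webmail.example.net with HTTP;
\tTue, 4 May 2004 19:58:20 +0100
X-Originating-IP: [203.0.113.45]
From: tester@example.net
To: list@example.org
Subject: doing a pen test for a client..

Question about a scanner option.
"""

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Ranges that say nothing about which network the mail came from.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]
AUDITED = ("received", "x-originating-ip")


def disclosed_addresses(raw_message):
    """Return (header, ip) pairs for each routable IPv4 address found in
    the audited headers, in the order the headers appear."""
    found = []
    for name, value in message_from_string(raw_message).items():
        if name.lower() not in AUDITED:
            continue
        for text in IPV4.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:      # e.g. 999.1.1.1 or a version string
                continue
            if not any(ip in net for net in INTERNAL):
                found.append((name, text))
    return found


def sender_network_exposed(raw_message, relay_ips):
    """True if any disclosed address is not one of the mail relays the
    sender expects to appear (hypothetical allow-list)."""
    return any(ip not in relay_ips
               for _, ip in disclosed_addresses(raw_message))


if __name__ == "__main__":
    for header, ip in disclosed_addresses(SAMPLE):
        print(f"{header}: {ip}")
```

Any address reported outside your own relays is one a reader of the list archive can look up, so send from a network that is not the client's.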

