Penetration Testing mailing list archives
Re: [PEN-TEST] Ethics Scenario
From: Erik Tayler <erik () digitaloffense net>
Date: Mon, 2 Oct 2000 16:27:36 -0500
True, but it should be noted that in the eyes of most, it would look like you are just scanning the 'net for vulnerabilities in search of money. If someone came to me wanting to fix my systems because they have found something wrong, I would immediately assume the following: 1 - Maybe they are lying, and trying to assume that I know little about security. 2 - They are contacting many others besides me, for the never-ending search of money. Obviously this isn't always the case, there are some out there that really do care about the security of the community, however some are completely money driven. Erik Tayler http://www.14x.net http://www.digitaloffense.net -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of SM Sent: Monday, October 02, 2000 3:40 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: Ethics Scenario Why not? It seems that since you are not causing the security flaw, and just noticed it, that it would be perfectly appropriate to let them know who you are and what you do, as well as offer your services. I don't think this is chasing the ambulance type scenario, that would imply that you show up after "something" has happened to offer your services, which also seems appropriate. However, this is more trying to prevent the ambulance from even showing up in the first place. Now, if you notice a security problem, then exploit it, and then contacting them for a "solution" that would seem unethical, as well as possibly illegal. Just my thoughts... SM
Current thread:
- [PEN-TEST] Ethics Scenario Christopher M. Bergeron (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Edward Mitchell (Oct 02)
- Re: [PEN-TEST] Ethics Scenario SM (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Erik Tayler (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Erik Tayler (Oct 02)
- <Possible follow-ups>
- Re: [PEN-TEST] Ethics Scenario Dunker, Noah (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Steve (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Tonick, Mike (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Gallicchio, Florindo (2282) (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Darryl Rathbun (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Spy Fox (Oct 02)