Penetration Testing mailing list archives
RE: What is your policy on customers particapating in a pen test?
From: Steve Hutchins <Steve.Hutchins () optimation co nz>
Date: Mon, 25 Jun 2001 11:50:45 +1200
If the customer watches you get onto a box, what's the betting that they will stay all night patching all the other similar boxes so you can't exploit them.
Uhhh... So? This is not a competition. The idea is for the entity being attacked to improve their security. And the sooner they patch the holes the better.
If they do this during the test, it dilutes the impact of the test and can also block the finding of other holes they might have. It also spoils the fun of the pen testers! an analogy: the IRS auditing your books while you correct the books at the same time (mind you, that would be neat)! -----Original Message----- From: Crist Clark [mailto:crist.clark () globalstar com] Sent: Saturday, 23 June 2001 10:05 a.m. To: Steve Hutchins Cc: pen-test () securityfocus com Subject: Re: What is your policy on customers particapating in a pen test? Steve Hutchins wrote: [snip]
If the customer watches you get onto a box, what's the betting that they will stay all night patching all the other similar boxes so you can't exploit them.
Uhhh... So? This is not a competition. The idea is for the entity being attacked to improve their security. And the sooner they patch the holes the better. -- Crist J. Clark Network Security Engineer crist.clark () globalstar com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster () globalstar com
Current thread:
- RE: What is your policy on customers particapating in a pen test? Duquette, John (Jun 21)
- Re: What is your policy on customers particapating in a pen test? James Chamier (Jun 22)
- <Possible follow-ups>
- RE: What is your policy on customers particapating in a pen test? Steve Hutchins (Jun 22)
- RE: What is your policy on customers particapating in a pen test? Steve Hutchins (Jun 24)
- RE: What is your policy on customers particapating in a pen test? Steve Hutchins (Jun 24)