Penetration Testing mailing list archives
Re: [PEN-TEST] finding offensive material
From: "Alexander Sarras (SEA)" <Alexander.Sarras () SEA ERICSSON SE>
Date: Wed, 7 Mar 2001 08:37:43 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-----Original Message----- From: Sheila [mailto:soulia () HOME COM] Sent: Tuesday, 06 March, 2001 9:05 PM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] finding offensive material hello, If during penetration testing files are found on easily accessible business shares that could be defined as either sexually or racially offensive, how should that be presented in the finding in the final report. I assume this could leave a company open to law suite concerning hostile work environment, sexual harassment, racial discrimination, etc., so I would feel somewhat obligated to include it in the final report.
If it's not illegal content you dig up, I'd say ignore it. Unless being a morale guardian is part of your contract, or the policy there clearly forbids such content or private use at all and it's your job to check that too. What you could do is inform the owners of those shares to tighten them up or better still to move those content. This should throw a slight scare at them (especially if you also include your concerns about law suits). You might inform the management to the fact that business shares exist, which do not contain business but private data. Anything more would be up to them. Not living in the US (where a colleague of mine once whose informed that a piece of ASCII-art in an email he _received_ was sexual harassment) I might have a different attitude towards some contents. As long as it's not illegal I might leave it alone (even racist jokes et al., but I'd mark those bastards in my own little black book ;->) Regards (and be careful) SaS - -- Dr. Alexander Sarras Ericsson Austria | Phone: +43 1 811 00 4668 Pottendorferstr. 25 A-1121 Wien Austria - ----BEGIN GEEK CODE BLOCK----- Version: 3.1 GS>AT dpu++ s++:+ a>+++$ C++ UB*++++ P++ L+ !E W++(-) N++ K--- w--- O++ M- V+ !PS PE Y+ PGP+++ t++ 5-- X- R+>++ b++++ DI++ D--- G+>+++ e++++ h---- r+++ y++++ - -----END GEEK CODE BLOCK----- -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.1 Int. Comment: Paranoiacs live long and prosper! iQA/AwUBOqXXJPNEKPH/spuMEQIRUgCfUgjIrGQHZ8+fKpsoQP2JzoMooAAAn15G 0s9Gsg96jWYG1JHTUtkE/ifF =ZiXa -----END PGP SIGNATURE-----
Current thread:
- [PEN-TEST] finding offensive material Sheila (Mar 06)
- Re: [PEN-TEST] finding offensive material E, M (Mar 07)
- Re: [PEN-TEST] finding offensive material Laudon Williams (Mar 07)
- <Possible follow-ups>
- Re: [PEN-TEST] finding offensive material Andrew Walls (Mar 07)
- Re: [PEN-TEST] finding offensive material Alexander Sarras (SEA) (Mar 07)