Penetration Testing mailing list archives
Re: [PEN-TEST] finding offensive material
From: Laudon Williams <eldub () POBOX COM>
Date: Tue, 6 Mar 2001 19:53:20 -0800
I look at it as a fairly straight forward issue. If this is a straight pen-test (no policy component), then I'd just let it go, unless they have some type of control in place and it is being circumvented. If I had a good relationship with someone at the company, I might let them know off the record. If this is a straight pen-test, it seems to be clearly out of scope (least the way I scope these). If the company lacks policy, this will cause a stir that they may not know how to deal with. If you don't plan to offer "expert" advice on how to solve these types of issues with proper policy and controls, it seems kinda like pitching a grenade over the wall and leaving someone else to deal with it. On the other hand, if you are fluent in the legal implications and writing appropriate policies, drive on. -LW -> -----Original Message----- -> From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf -> Of Sheila -> Sent: Tuesday, March 06, 2001 12:05 PM -> To: PEN-TEST () SECURITYFOCUS COM -> Subject: [PEN-TEST] finding offensive material -> -> -> hello, -> If during penetration testing files are found on easily -> accessible business -> shares that could be defined as either sexually or racially -> offensive, how -> should that be presented in the finding in the final report. I -> assume this -> could leave a company open to law suite concerning hostile work -> environment, -> -> Sheila Soulia
Current thread:
- [PEN-TEST] finding offensive material Sheila (Mar 06)
- Re: [PEN-TEST] finding offensive material E, M (Mar 07)
- Re: [PEN-TEST] finding offensive material Laudon Williams (Mar 07)
- <Possible follow-ups>
- Re: [PEN-TEST] finding offensive material Andrew Walls (Mar 07)
- Re: [PEN-TEST] finding offensive material Alexander Sarras (SEA) (Mar 07)