Penetration Testing mailing list archives
RE: Pre-Scanning for Marketing
From: "Bergert, David" <David.Bergert () rsmi com>
Date: Tue, 10 Jan 2006 19:10:52 -0600
I would be careful with this... reminds me of Adrian Lamo.. in some ways

http://www.securityfocus.com/news/7771

"Lamo has become something a tech-media darling for his rootless, wandering lifestyle -- Wired News dubbed him the "Homeless Hacker" -- combined with his habit of publicly exposing security holes at large corporations, then voluntarily helping the companies fix the vulnerabilities he exploited, sometimes visiting their offices or signing non-disclosure agreements in the process."

Some companies might classify your "scan" as an unauthorized attempt on their computer/network systems, sue you and perhaps use your "letter" as proof against you.

I would suggest your letter offer the "scanning" and to get explicit netblocks of IP ranges also with the permission from the company, and perhaps offer the scan for free, you were going to do this anyway without permission? and do the consulting stuff / remediation based upon your report.

Also keep in mind that some scanning software with certain configurations can crash or remotely exploit (safe_checks in Nessus for example).

Regards,
David Bergert

-----Original Message-----
From: Password Crackers, Inc. [mailto:pwcrack () pwcrack com]
Sent: Tuesday, January 10, 2006 9:11 AM
To: pen-test () securityfocus com
Subject: Pre-Scanning for Marketing

I am interested if anyone on the list has ever tested or implemented a marketing program that involved pre-scanning (wired or wireless) a prospect and then sending a letter or email describing potential vulnerabilities and offering assistance in closing these vulnerabilities.

I have never done this because of the anticipated negative reaction, but I am curious as to what the outcome was if anyone else has done it. Single instances would be interesting, but I am more curious if anyone has implemented this in a more broad-based way and has positive and/or negative response rate statistics.

Bob Weiss
Password Crackers, Inc.