Penetration Testing mailing list archives
RE: Pre-Scanning for Marketing
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Tue, 10 Jan 2006 17:58:59 -0500
We did it once where it worked well, once where the sales person gave the customer everything during the sales process (duh...) and a few times where basically nothing happened. I'd say that a lot of it rests on the shoulders of sales. In the one that worked well, I was working for a client in the area and I collected some unencrypted traffic and realized it wasn't my customer. I also realized that some of the information looked like personal information and after looking at it a little closer, that personal information seemed to be accompanied by credit card numbers. It took nearly a year to get an engagement for a wireless audit from that customer. We then did a follow-up audit and another one later. The one where we gave the information away, I was asked for a document specifying what I'd found. I recommended that we NOT do that but I was overruled. Once they got that information, they had everything they needed to make a case internally that the wireless APs needed to be secured (30 or so in a hospital) and they took care of it. Well, I don't know how well they took care of it 'cuz I never did an audit but I do know that the traffic was now WEPped so at least it wasn't plain text across the air anymore. A number of other times, there was no response. I've also pointed out wireless security flaws to customers that I've already been involved with. That went much better but that's not really what you're asking about. -----Original Message----- From: Password Crackers, Inc. [mailto:pwcrack () pwcrack com] Sent: Tuesday, January 10, 2006 10:11 AM To: pen-test () securityfocus com Subject: Pre-Scanning for Marketing I am interested if anyone on the list has ever tested or implemented a marketing program that involved pre-scanning (wired or wireless) a prospect and then sending a letter or email describing potential vulnerabilities and offering assistance in closing these vulnerabilities. I have never done this because of the anticipated negative reaction, but I am curious as to what the outcome was if anyone else has done it. Single instances would be interesting, but I am more curious if anyone has implemented this in a more broad-based way and has positive and/or negative response rate statistics. Bob Weiss Password Crackers, Inc. ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Pre-Scanning for Marketing Password Crackers, Inc. (Jan 10)
- RE: Pre-Scanning for Marketing Chris Serafin (Jan 10)
- RE: Pre-Scanning for Marketing Ebeling, Jr., Herman Frederick (Jan 11)
- Re: Pre-Scanning for Marketing Steve Friedl (Jan 11)
- Re: Pre-Scanning for Marketing alan (Jan 11)
- RE: Pre-Scanning for Marketing Nathan Einwechter (Jan 13)
- Re: Pre-Scanning for Marketing Kurt Seifried (Jan 15)
- RE: Pre-Scanning for Marketing Ken Kousky (Jan 17)
- Re: Pre-Scanning for Marketing Kurt Seifried (Jan 15)
- Re: Pre-Scanning for Marketing Kevin Johnson (Jan 14)
- <Possible follow-ups>
- RE: Pre-Scanning for Marketing Shenk, Jerry A (Jan 10)
- RE: Pre-Scanning for Marketing Ed Hudson (Jan 10)
- RE: Pre-Scanning for Marketing Stonewall (Jan 11)
- RE: Pre-Scanning for Marketing Password Crackers, Inc. (Jan 10)
- RE: Pre-Scanning for Marketing Wray, Donald W (Jan 11)
- RE: Pre-Scanning for Marketing David Ball (Jan 11)
- Re: Pre-Scanning for Marketing Robin Wood (Jan 11)
- RE: Pre-Scanning for Marketing Rapaille Maxime (Jan 11)
- Re: Pre-Scanning for Marketing Pete Herzog (Jan 11)
- RE: Pre-Scanning for Marketing Ron Yount (Jan 11)
- RE: Pre-Scanning for Marketing Maxim Kostioukov (Jan 12)
(Thread continues...)
- RE: Pre-Scanning for Marketing Chris Serafin (Jan 10)