Penetration Testing mailing list archives
Re: Pentester convicted..
From: Phoebe Tunstall <foibey () gmail com>
Date: Fri, 12 May 2006 20:52:18 +0100
On Fri, 12 May 2006 13:55:03 -0400 Karyn Pichnarczyk <karyn () sandstorm net> wrote:
> Therefore, the Actual Damage is the re-evaluation of all systems, and verification of all data on those compromised systems, to ensure that the company's data has not been twiddled with/changed/modified.
I wouldn't argue that what the people mentioned in the articles did was ethical (or particularly sane). However, surely once a critical flaw like that is discovered at all, the data accessed must be considered potentially compromised, whether the flaw was discovered by someone who had permission to look or not. The data was available relatively easily to anyone who took a look. There's a good possibility that there have already been intruders who weren't so gracious as to identify themselves. The intruder who identifies themselves is not responsible for this "damage", as the damage exists with or without them. I think the actual damage you refer to is just a logical fallacy to cover the issue that a piece of critical technology is seriously flawed. An intruder who does nothing to a company but inform them of a security flaw doesn't hurt the company, as the problem was there before they arrived.
> A defense of "I didn't do anything" does not lend much credence to a criminal's testimony.
No, but identifying yourself as the perp does in a few legal systems.