Penetration Testing mailing list archives

Re: OOO FLAME


From: natron <natron () invisibledenizen org>
Date: Tue, 16 Sep 2008 16:29:37 -0500

 Quote:
 "Let's take Ray's tangent and run with it. What (if any) ways are OOO
 messages useful from a pen-test perspective? How would you use the knowledge
 that someone is away/on vacation in a pen-test?"

 One of the more useful OOO messages I've seen on a PT was where it
 informed you of the direct line to the Help Desk.  "If you have any
 trouble not covered by the above, please contact the help desk at
 555-5555."  Hellloo, social engineering.

 N

On Sun, Sep 14, 2008 at 2:01 PM, Erin Carroll <amoeba () amoebazone com> wrote:
List,

Let's take Ray's tangent and run with it. What (if any) ways are OOO
messages useful from a pen-test perspective? How would you use the knowledge
that someone is away/on vacation in a pen-test? Would you alter your
techniques or target those accounts specifically in the hopes that brute
force or other account specific techniques might have a window to go
unnoticed?

I'm just trying to get a conversational ball rolling here. I know where I
would modify my tactics but I'm curious to see what members say. I know that
one area many companies are historically weak is in logging of security
events. Or rather, in having someone actually pay attention to all those
alerts.


--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
amoeba () amoebazone com
"Do Not Taunt Happy-Fun Ball"




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of ray.hawkins () comcast net
Sent: Saturday, September 13, 2008 2:47 PM
To: Jon.Kibler () aset com; pen-test () securityfocus com
Cc: Jon Kibler
Subject: Re: OOO FLAME

Um - who cares?  If I go on vacation, come back and forget to turn OOO 'off'
then am I really in or am I really out?  Or am I just daring someone to hack
me?  It is no different than the carefully timed light controls people use to
make it appear they are at home while on vacation - if your house is being
cased by anyone with half a brain they'll figure out you really aren't home.
If the actual pesky messages bug you then create a rule to filter them from
your inbox.

Cookies and milk for all.

~Cheers


 -------------- Original message ----------------------
From: Jon Kibler <Jon.Kibler () aset com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<RANT>

Hey y'all,

This is supposed to be a group for pen testers. Isn't it kinda lame
for pen testers to be broadcasting OOO messages to the world?
Especially to other pen testers? Especially from your work email address?

Can you say, "Hack me please! I am not in the office to see what you
are doing to my (choose one or more of the following) network /
servers / web site / database / users."

Come on now, let's get with it! If you have to send OOO messages,
PLEASE at least filter them so that they do not get outside of your
organization -- or, especially to mailing lists!

Every time I post to this group (and other SF groups), I seem to get
about a dozen bounces from either OOO messages or 'you do not have
permission to post to Google groups.'

Which brings up another point: What is with all the Google groups
bounces? If this is a SF auto-post thing, could someone in SF *PLEASE*
obfuscate the sender's email address so s/he does not get all those
(expletive deleted) bounces? If it is the result of some lamer in this
group, will you *PLEASE* find some other way to do the posting without
the author getting flamed for trying to post when they do not have
permission?

</RANT>

Thank you for your indulgence.

Jon K.
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253








------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



