Penetration Testing mailing list archives
Re: OOO FLAME
From: natron <natron () invisibledenizen org>
Date: Tue, 16 Sep 2008 16:29:37 -0500
Quote: "Let's take Ray's tangent and run with it. What (if any) ways are OOO messages useful from a pen-test perspective? How would you use the knowledge that someone is away/on vacation in a pen-test?"

One of the more useful OOO messages I've seen on a PT was where it informed you of the direct line to the Help Desk. "If you have any trouble not covered by the above, please contact the help desk at 555-5555."

Hellloo, social engineering.

N

On Sun, Sep 14, 2008 at 2:01 PM, Erin Carroll <amoeba () amoebazone com> wrote:
List,

Let's take Ray's tangent and run with it. What (if any) ways are OOO messages useful from a pen-test perspective? How would you use the knowledge that someone is away/on vacation in a pen-test? Would you alter your techniques or target those accounts specifically in the hopes that brute force or other account specific techniques might have a window to go unnoticed?

I'm just trying to get a conversational ball rolling here. I know where I would modify my tactics but I'm curious to see what members say. I know that one area many companies are historically weak is in logging of security events. Or rather, in having someone actually pay attention to all those alerts.

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
amoeba () amoebazone com
"Do Not Taunt Happy-Fun Ball"

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of ray.hawkins () comcast net
Sent: Saturday, September 13, 2008 2:47 PM
To: Jon.Kibler () aset com; pen-test () securityfocus com
Cc: Jon Kibler
Subject: Re: OOO FLAME

Um - who cares? If I go on vacation, come back and forget to turn OOO 'off' then I am really in or am I really out? Or am I just daring someone to hack me? Is no different than the carefully timed light controls people use to make it appear they are at home while on vacation - if your house is being cased by anyone with half a brain they'll figure out you really aren't home.

If the actual pesky messages bug you then create a rule to filter them from your inbox.

Cookies and milk for all.

~Cheers

-------------- Original message ----------------------
From: Jon Kibler <Jon.Kibler () aset com>

<RANT>

Hey y'all,

This is supposed to be a group for pen testers. Isn't it kinda lame for pen testers to be broadcasting OOO messages to the world? Especially to other pen testers? Especially from your work email address?

Can you say, "Hack me please! I am not in the office to see what you are doing to my (choose one or more of the following) network / servers / web site / database / users."

Come on now, let's get with it! If you have to send OOO messages, PLEASE at least filter them so that they do not get outside of your organization -- or, especially to mailing lists!

Every time I post to this group (and other SF groups), I seem to get about a dozen bounces from either OOO messages or 'you do not have permission to post to Google groups.'

Which brings up another point: What is with all the Google groups bounces? If this is a SF auto-post thing, could someone in SF *PLEASE* obfuscate the sender's email address so s/he does not get all those (expletive deleted) bounces? If it is the result of some lamer in this group, will you *PLEASE* find some other way to do the posting without the author getting flamed for trying to post when they do not have permission?

</RANT>

Thank you for your indulgence.

Jon K.

--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253