Penetration Testing mailing list archives
proposed pen-test
From: John Grimes <john.k.grimes () gmail com>
Date: Sun, 7 Mar 2010 11:03:31 -0800
Hi-- A consultant firm has recommended to my university's IT department that we run the following pen-test: We send, through regular mail, a letter to members of the staff and faculty, that appears to come from a well-known social networking site, that is, it uses a facsimile of the actual letterhead and envelope of the site, including the correct return address. In this letter, we invite the recipient to beta-test a new version of the social networking site by using the program on the enclosed usb stick. We offer a gift card to a major online retailer as further inducement. If any staff member plugs in the usb stick, they will be told in a pop-up window that they have been duped, and the fact will be logged to a server at the university. It seems to us that there are two potential legal problems here: impersonating the social networking site, and using the US postal service for a fraudulent, if well-intentioned, purpose. Can anyone here comment on this? Beyond the legalities, does this seem like an effective and worthwhile test? Thanks for any insight. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- proposed pen-test John Grimes (Mar 08)
- Re: proposed pen-test Tracy Reed (Mar 08)
- RE: proposed pen-test Password Crackers, Inc. (Mar 08)
- Re: proposed pen-test John Kinsella (Mar 08)
- Re: proposed pen-test Steve Friedl (Mar 11)
- Re: proposed pen-test Matt Gardenghi (Mar 11)
- Re: proposed pen-test Steve Friedl (Mar 11)
- Re: proposed pen-test Terry Cutler (Mar 08)
- Re: proposed pen-test Shohn Trojacek (Mar 08)
- RE: proposed pen-test Gorgon Beast (Mar 11)
- Re: proposed pen-test Eric Milam (Mar 11)
- <Possible follow-ups>
- Re: proposed pen-test krymson (Mar 08)