From: Tremaine Lea (pen-test@ddiction.com)
Date: Thu May 17 2007 - 16:10:32 EDT
In a situation where you have operated outside contractual bounds,
the perceived legal risk is non-trivial. The results of sharing your
findings are extremely difficult to gauge, and can vary from the
user's appreciation for your honesty and integrity to a large
corporate entity pursuing you relentlessly in court to make a point
about 'hackers'.
While it may be tempting to provide assistance to the person or
corporation involved, I think the risk is simply too high to be
acceptable. It is not in our best interests professionally to
operate outside the bounds of business and play white hat cowboy.
---
Tremaine Lea
Network Security Consultant

Be in pursuit of equality, but not at the expense of excellence.

On 17-May-07, at 1:57 PM, Erin Carroll wrote:

> All,
>
> Tremaine has a point I'd like to tangent from. There are many posts that
> come across the list that can be interpreted as actions or events which are
> questionable given the scenario. Unless explicitly stated by someone or
> obviously illegal, please try to assume that the question or situation is of
> a benign nature. We could argue about intentions or likelihood until we're
> blue in the face but it generally devolves to flaming or not-so-nice
> inferences that I do not want on this list.
>
> Yes, there are script kiddies and unethical behavior in our profession...
> But let's focus on the issue at hand and not the motive: You encounter
> leaking sensitive data that was not in scope of a job or part of your duties
> etc. What should you do?
>
> --
> Erin Carroll
> Moderator
> SecurityFocus pen-test list
> "Do Not Taunt Happy-Fun Ball"
>
>> -----Original Message-----
>> From: listbounce@securityfocus.com
>> [mailto:listbounce@securityfocus.com] On Behalf Of Tremaine Lea
>> Sent: Thursday, May 17, 2007 10:36 AM
>> To: Eduardo Di Monte
>> Cc: jasper.o.waale@kh.pwc.com; listbounce@securityfocus.com;
>> pen-test@securityfocus.com
>> Subject: Re: Sneaking a peek on Wlan in airports
>>
>> Starting a sniffer by error is pretty unlikely.
>>
>> Starting a sniffer and then closing your laptop after having
>> forgotten about it, that's not unlikely.
>>
>> ---
>> Tremaine Lea
>> Network Security Consultant
>>
>> Be in pursuit of equality, but not at the expense of excellence.
>>
>> On 17-May-07, at 4:15 AM, Eduardo Di Monte wrote:
>>
>>> Jasper,
>>>
>>> You don't run a sniffer by error, so stay away from doing this again.
>>>
>>> Regards,
>>>
>>> Eduardo Di Monte
>>>
>>> -----Original Message-----
>>> From: listbounce@securityfocus.com
>>> [mailto:listbounce@securityfocus.com] On Behalf Of
>>> jasper.o.waale@kh.pwc.com
>>> Sent: Wednesday, May 16, 2007 7:20
>>> To: listbounce@securityfocus.com; pen-test@securityfocus.com
>>> Subject: Sneaking a peek on Wlan in airports
>>>
>>> I'm sure you, as I, have many times been in an airport with public WLAN
>>> access and by error had some kind of sniffer running?
>>>
>>> Well, I had Cain open because of a general scan I was making related to
>>> a test, and I picked up a POP3 account and password. I did try to find
>>> the guy to tell him but did not see anybody with a laptop, so what now:
>>> do I email him asking him to update the password, or do I just
>>> ignore it and let him carry on doing this to himself and his firm?
>>>
>>> Regards
>>>
>>> Jasper O Waale
>>> _________________________________________________________________
>>> The information transmitted is intended only for the person or entity
>>> to which it is addressed and may contain confidential and/or
>>> privileged material. Any review, retransmission, dissemination or
>>> other use of, or taking of any action in reliance upon, this
>>> information by persons or entities other than the intended recipient
>>> is prohibited. If you received this in error, please contact the
>>> sender and delete the material from any computer.
>>>
>>> ------------------------------------------------------------------------
>>> This List Sponsored by: Cenzic
>>>
>>> Are you using SPI, Watchfire or WhiteHat?
>>> Consider getting clear vision with Cenzic
>>> See HOW Now with our 20/20 program!
>>>
>>> http://www.cenzic.com/c/2020
>>> ------------------------------------------------------------------------