E-Mail Pen-Testing

From: Security Tester (idstester@hotmail.com)
Date: Mon Mar 22 2004 - 07:22:46 EST


Blake,

I have found this sort of testing to be appropriate, as long as you have
laid it out clearly in your ROE from the beginning. If you are planning on
using an e-mail Trojan, you must give specific assurances to your client
that the Trojan will only perform a certain function and nothing else.

People do not like to be blindsided with this sort of thing, but it is,
IMHO, a necessary evil to demonstrate the lack of security with regards to
e-mail. I say go for it... But never perform this attack without first
clearing it with the client.




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT