RE: Pre-Scanning for Marketing

From: Bergert, David (David.Bergert@rsmi.com)
Date: Tue Jan 10 2006 - 20:10:52 EST


I would be careful with this... reminds me of Adrian Lamo, in some ways

http://www.securityfocus.com/news/7771

"Lamo has become something a tech-media darling for his rootless,
wandering lifestyle -- Wired News dubbed him the "Homeless Hacker" --
combined with his habit of publicly exposing security holes at large
corporations, then voluntarily helping the companies fix the
vulnerabilities he exploited, sometimes visiting their offices or
signing non-disclosure agreements in the process."

Some companies might classify your "scan" as an unauthorized attempt on
their computer/network systems, sue you and perhaps use your "letter" as
proof against you.

I would suggest your letter offer the "scanning", and that you get explicit
netblocks of IP ranges along with permission from the company, and
perhaps offer the scan for free (you were going to do this anyway
without permission?), and do the consulting stuff / remediation based
upon your report.

Also keep in mind that some scanning software with certain
configurations can crash or remotely exploit (safe_checks in Nessus for
example).

Regards,

David Bergert
-----Original Message-----
From: Password Crackers, Inc. [mailto:pwcrack@pwcrack.com]
Sent: Tuesday, January 10, 2006 9:11 AM
To: pen-test@securityfocus.com
Subject: Pre-Scanning for Marketing

I am interested if anyone on the list has ever tested or implemented a
marketing program that involved pre-scanning (wired or wireless) a prospect
and then sending a letter or email describing potential vulnerabilities and
offering assistance in closing these vulnerabilities. I have never done
this because of the anticipated negative reaction, but I am curious as to
what the outcome was if anyone else has done it. Single instances would be
interesting, but I am more curious if anyone has implemented this in a more
broad-based way and has positive and/or negative response rate statistics.

Bob Weiss
Password Crackers, Inc.





This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:22 EDT