RE: Pre-Scanning for Marketing

From: Ken Kousky (kkousky@ip3inc.com)
Date: Mon Jan 16 2006 - 12:22:17 EST


I don't recall the company's name but there is folklore about a company in
San Diego that did this on a military site and ended up with criminal
charges filed against them.

It's hard to imagine you can make a credible case for how serious the
vulnerabilities might be without crossing the line and actually being
invasive.

I, for one, wouldn't want a client that was impressed by this kind of
marketing.

KWK

-----Original Message-----
From: Kurt Seifried [mailto:bt@seifried.org]
Sent: Saturday, January 14, 2006 1:57 AM
To: Nathan Einwechter; 'Password Crackers, Inc.'; pen-test@securityfocus.com
Subject: Re: Pre-Scanning for Marketing

> I am interested if anyone on the list has ever tested or implemented a
> marketing program that involved pre-scanning (wired or wireless) a prospect
> and then sending a letter or email describing potential vulnerabilities and
> offering assistance in closing these vulnerabilities. I have never done
> this because of the anticipated negative reaction, but I am curious as to
> what the outcome was if anyone else has done it. Single instances would be
> interesting, but I am more curious if anyone has implemented this in a more
> broad-based way and has positive and/or negative response rate statistics.
>
> Bob Weiss
> Password Crackers, Inc.

I believe there is a term for this form of "marketing".. what's the term...
Oh yes:

"Protection racket"

A protection racket is an extortion scheme whereby a powerful organization
coerces individuals or businesses to pay "protection money" which allegedly
serves to purchase the powerful organization's protection services against
various external threats, whereas the actual threat comes from the powerful
organization itself. Those who do not buy into the protection plan are
targeted by the powerful organization and are harassed to try to force
payment of the protection money.

Honestly if someone sent me such a letter my first reaction would be to call
corporate counsel which would probably be followed by a call to law
enforcement.

-Kurt



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:22 EDT