From: Ratna Kumar (ratnakumarch@visualsoft-tech.com)
Date: Thu Feb 09 2006 - 23:01:48 EST
Hi All,
I really agree with you all? Good to share information, but to what extent?
anyone can misuse it? Can we take any steps to stop it?
I don't know how many of you agree with me. Any chances for understanding
the motives of person (with malicious intent)?
I know you people are doing good things to the community, but we are here to
protect.
Thank you,
Regards,
Ratna Kumar
----- Original Message -----
From: "Navroz Shariff" <nshariff@americanbible.org>
To: <pen-test@securityfocus.com>
Sent: Friday, February 10, 2006 2:54 AM
Subject: RE: Penetration test of 1 IP address
> Interesting...the original inquirer hasn't replied in his defense.
>
> -----Original Message-----
> From: Bob Radvanovsky [mailto:rsradvan@unixworks.net]
> Sent: Thursday, February 09, 2006 11:46 AM
> To: Levenglick, Jeff; Larry Chin; Edmond Chow; Michael Gargiullo;
> pen-test@securityfocus.com
> Subject: RE: Penetration test of 1 IP address
>
> I would tend to agree with that statement. members of this list no idea
> if the the individual posing the question has nefarious intentions, or
> not.
>
> No disrespect to the original poster of the question to the list, or the
> moderator for that matter, in extremely paranoid times these days,
> simply uttering the wrong word in public (within the context of a
> sentence) can get you a one-way ticket into jail these! So...take
> things a down a few notches and remember that hacking these days, esp.
> in the eyes of our governments (federal, state, local), not to mention
> Corporate America, views it as a form of "cyberterrorism" -- first and
> foremost -- BEFORE they would ever consider it NOT to (OK...that sounded
> way too circular, but if you read it carefully, you'll understand what
> I'm trying to convey) be labelled as "cyberterrorism".
>
> In my defense (as a form of disclaimation), the requesting individual
> mentioned the word "/webblaze", and I simply looked it up on Google --
> nothing more. I have not mentioned any methods of attack, or how he
> should go about attempting a penetration into that server. That is left
> entirely up to that individual. ;)
>
> -rad
>
> ----- Original Message -----
> From: "Levenglick, Jeff" [mailto:JLevenglick@fhlbatl.com]
> To: Bob Radvanovsky [mailto:rsradvan@unixworks.net], Larry Chin
> [mailto:casslin@sympatico.ca], Edmond Chow [mailto:echow@videotron.ca],
> Michael Gargiullo [mailto:mgargiullo@pvtpt.com],
> pen-test@securityfocus.com
> Subject: RE: Penetration test of 1 IP address
>
>
>> That's right.. Legal software. I wonder what would happen if this
>> person was not legit and The company found out that all of the people
>> on this list helped him?
>>
>> Or better yet. (as I stated before) This person does not have the
>> background or knowledge to give this company A 'real' security audit.
>> This is VERY important. If he were to tell them that they are ok and
>> something bad happened, we Would end up where most people feel right
>> now. (that most IT positions are just paper or fly-by-night)
>>
>> If you are real, you should take classes or read books. All of us can
>> point you to web sites, but that does not explain how To use the
>> software or even the concept of pen testing.
>>
>> -----Original Message-----
>> From: Bob Radvanovsky [mailto:rsradvan@unixworks.net]
>> Sent: Wednesday, February 08, 2006 11:37 PM
>> To: Larry Chin; 'Edmond Chow'; 'Michael Gargiullo';
>> pen-test@securityfocus.com
>> Subject: RE: Penetration test of 1 IP address
>>
>> Did you say "Webblaze"? This is what I've found:
>> http://info.summation.com/products/PF_webblaze.htm Litigation
>> software??? Hmmmm...Windows-based software
>> (http://info.summation.com/products/SP_webblaze_specs.htm)...
>>
>> Did your "login" look anything like this?
>> URL:
>> http://precise.precisepresentations.com/WebBlaze/Login.aspx?ReturnUrl=
>> %2
>> FWebBlaze%2FIndex.aspx
>>
>> When in doubt...GOOGLE IT!!! 8)))
>>
>> ONE WORD OF CAUTION...since this system might be used for legal
>> purposes, get something in writing that allows you to conduct what is
>> called a "non-destructive test" and MAKE SURE that you DON'T *DESTROY*
>
>> their system!
>>
>> r
>>
>> DISCLAIMER: I only did a lookup about the product mentioned...nothing
>> more. ;))
>>
>> ----- Original Message -----
>> From: Larry Chin [mailto:casslin@sympatico.ca]
>> To: 'Edmond Chow' [mailto:echow@videotron.ca], 'Michael Gargiullo'
>> [mailto:mgargiullo@pvtpt.com], pen-test@securityfocus.com
>> Subject: RE: Penetration test of 1 IP address
>>
>>
>> > Could try http://www.accessdiver.com for starters.
>> >
>> > Wikto (http://www.sensepost.com/research/wikto/) to scan the website
>> >
>> > You could try nmap'ing the IP address, maybe a web server isn't the
>> > only thing running there.
>> >
>> > Just a couple of thoughts
>> >
>> > -----Original Message-----
>> > From: Edmond Chow [mailto:echow@videotron.ca]
>> > Sent: Wednesday, February 08, 2006 1:45 AM
>> > To: 'Michael Gargiullo'; pen-test@securityfocus.com
>> > Cc: 'Edmond Chow'
>> > Subject: RE: Penetration test of 1 IP address
>> >
>> >
>> >
>> >
>> > To all:
>> >
>> > I have been asked to perform a security audit of 1 IP address for
>> client.
>> > They have given me the 1 IP address and a clue (webblaze).
>> >
>> > If I enter the IP address and then /webblaze, I am taken to a login
>> > page (user name and password requested).
>> >
>> > What tools would you recommend that I use for this assignment?
>> >
>> > Thanks for your help.
>> >
>> > Regards,
>> >
>> >
>> > Edmond
>> >
>> >
>> > --------------------------------------------------------------------
>> > --
>> > ------
>> > --
>> > Audit your website security with Acunetix Web Vulnerability Scanner:
>
>> >
>> > Hackers are concentrating their efforts on attacking applications on
>
>> > your website. Up to 75% of cyber attacks are launched on shopping
>> > carts, forms, login pages, dynamic content etc. Firewalls, SSL and
>> > locked-down servers are
>> >
>> > futile against web application hacking. Check your website for
>> > vulnerabilities to SQL injection, Cross site scripting and other web
>
>> > attacks before hackers do!
>> > Download Trial at:
>> >
>> > http://www.securityfocus.com/sponsor/pen-test_050831
>> > --------------------------------------------------------------------
>> > --
>> > ------
>> > ---
>> >
>> >
>> > --------------------------------------------------------------------
>> > --
>> > -------- Audit your website security with Acunetix Web Vulnerability
>> > Scanner:
>> >
>> > Hackers are concentrating their efforts on attacking applications on
>
>> > your website. Up to 75% of cyber attacks are launched on shopping
>> > carts, forms, login pages, dynamic content etc. Firewalls, SSL and
>> > locked-down servers are
>> >
>> > futile against web application hacking. Check your website for
>> > vulnerabilities to SQL injection, Cross site scripting and other web
>
>> > attacks before hackers do!
>> > Download Trial at:
>> >
>> > http://www.securityfocus.com/sponsor/pen-test_050831
>> > --------------------------------------------------------------------
>> > --
>> > ---------
>> >
>> >
>>
>> ----------------------------------------------------------------------
>> --
>> ------
>> Audit your website security with Acunetix Web Vulnerability Scanner:
>>
>> Hackers are concentrating their efforts on attacking applications on
>> your website. Up to 75% of cyber attacks are launched on shopping
>> carts, forms, login pages, dynamic content etc. Firewalls, SSL and
>> locked-down servers are futile against web application hacking. Check
>> your website for vulnerabilities to SQL injection, Cross site
>> scripting and other web attacks before hackers do!
>> Download Trial at:
>>
>> http://www.securityfocus.com/sponsor/pen-test_050831
>> ----------------------------------------------------------------------
>> --
>> -------
>>
>>
>>
>>
>> -----------------------------------------
>> This e-mail message is private and may contain confidential or
>> privileged information.
>>
>>
>
> ------------------------------------------------------------------------
> ------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on
> your website. Up to 75% of cyber attacks are launched on shopping carts,
> forms, login pages, dynamic content etc. Firewalls, SSL and locked-down
> servers are futile against web application hacking. Check your website
> for vulnerabilities to SQL injection, Cross site scripting and other web
> attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ------------------------------------------------------------------------
> -------
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
> hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:29 EDT