
| Subject: | RE: Ps. Informing Companies about security vulnerabilities... |
|---|---|
| Date: | Fri, 6 Oct 2006 12:35:33 +1000 |
The police deciding to bring charges is not a decision as to the nature of the act. This does not make it legal or not. The police will often in Australia not touch anything with less than $1,000,000 damage or some large public exposure. This is a resource issue. This does not make it legal and there are firms who will file civil suits.

Craig

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of mailing lists
Sent: Thursday, 5 October 2006 6:07 PM
To: joe@learnsecurityonline.com
Cc: pen-test@securityfocus.com
Subject: Re: Ps. Informing Companies about security vulnerabilities...

Ps. we have had contact with the police a few times after some reactive_aggressive had reported a "hackers attack" to them. but after showing the law enforcers what really happened and how, with proof, they every time reached the same conclusion with something like "So, they have wasted our time by screaming Wolf!, when you guys only did your friendly neighbour duty by telling them they didn't lock their car door, and did not take anything from it" and then the police phoned the complainers with the message, please stop wasting our time, we have closed the file.

slight difference with your case, is that we do not actively go out to find sites and try attacks on them, we sometimes notice flaws when following a path from paying clients who ask us to look at the information sources they are using.

but i think there is nothing bad about walking over a parking space and putting notes under windshield-wipers of every car that has unlocked doors. just because most people don't care about their living environment, doesn't mean that the few friendly neighbours that still have the guts to stand for doing the right thing should be persecuted by those who stand for nothing other than making a few quick bucks.

so ;) keep up the good work! there are way too many servers 'leaking' privacy sensitive information, and the people whose information is leaked are the real victims, not the rich companies who are responsible for leaking it by neglect.

Cheers,

------------

Has anyone else gone through a similar situation? Was the company receptive? Other companies I've contacted in the past have been quite receptive - I'm just curious if other people have gone through this as well. No need to fill the list with this, you can email me directly with your inputs and stories.

--
Joe McCray