lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <02100798E096714296E1F90FEA25B78101FA6130@MISSBHXVS04.uki.capgemini.com>
Date: Thu Mar 30 00:38:41 2006
From: ross.thomson at capgemini.com (Thomson, Ross)
Subject: Hello everyone


Certainly a kind though- I have considered it myself when scanning open
wireless networks. However a few things to take into consideration:

* The Law: Even though you are doing it for the good of the internet; the
end users who see a unknown message popup might think otherwise. Also, is
your ISP likely to detect a mass scan; they will almost certainly see it as
malicious.

* Spam: Could these messages be deemed as spam or become an annoyance to
those who choose to have their systems open (for whatever reason)

* Are you willing to be liable for your actions, even if the outcome is
negative?

User education is a great thing; its how you do it that needs thinking about
:)

-Ross


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Ian stuart
Turnbull
Sent: 29 March 2006 16:06
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] Hello everyone

I have just started in this "hacking" [ethical I should quickly add] and
after much reading etc [and a forest more to do] I have a fundamental
question I'd like to pose.
After just a few hours of scanning (I have to start somewhere} I have
located quite a few routers that have their manufacturers password still set
not to mention loads of Windows machines that have port 139 open AND have
write access to the whole of the C: Drive in some instances.

My question - since it is these machines that I understand will be the
computers that the hacker will use to hide him/her self and given that there
are tools around - just that I don't know of one yet - WHY doesn't someone
send a message to these machines that the owner will see and ASK them
politely to close up these holes? Perhaps something along the "net send"
command.
I'm sure they would love to be enligtened. i.e. their banking info etc won't
be stolen.

If given the knowledge I'd be happy to devote a day or so doing just this.
Currently I don't yet have enough skills.

Yes, I know someone somewhere must have asked this question, though I
haven't found any instance of it, so please don't flame me. I am here to
LEARN from obviously well instructed and knowledgeable people.

Also, forgive me if I appear naive - at this point I admit I definately am
but that will change in time to come.

I'd love to help make the internet a safer place. It is a truly great
invention but for a few darksided individuals. Just because one has the
knowledge doesn't mean they have to ruin it for others !!

_________________________________________________________________
Are you using the latest version of MSN Messenger? Download MSN Messenger
7.5 today! http://join.msn.com/messenger/overview

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ