lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <28f529ba0710311535le53f58at2578adc11d0ea466@mail.gmail.com>
Date: Wed, 31 Oct 2007 15:35:30 -0700
From: "Michael Neal Vasquez" <mnv@...mni.princeton.edu>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Flash that simulates virus scan

It's valid IMO, but also depends on the client expectations.  At the outset,
the parameters of what's being tested should be well outlined.  Some clients
prefer purely technical measures for penetration.  Others are open to a
complete (i.e. SE included) test.  Obviously a better choice, but I always
had 2 goals in the complete test: A) Purely technical intrusion & B)
Intrusion via SE.  Cover your bases, open their eyes.

Show them a) the need for vigilant employee training and security awareness
programs, and
b) that their infrastructure has its own stand-alone holes as well....




On 10/31/07, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
>
> On Wed, 31 Oct 2007 16:56:20 CDT, reepex said:
> > resulting to se in a pen test cuz you cant break any of the actual
> machines?
>
> Lots of *actual* compromises happen the same exact way - resorting to SE.
> As such, if a pen test doesn't cover the same territory, it's incomplete.
>
> "Yes, your house is secure - we checked all the doors and they're up to
> snuff.
> We however didn't check if you'll open the door *anyhow* if the landshark
> on
> the other side says 'Landshark', leading to everybody getting eaten."
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ