Bad Raps for Non-Hacks

Bad Raps for Non-Hacks
Mark Rasch, 2003-06-16

A few odd cases show that you don't have be a digital desparado to be accused of a cybercrime... particularly if you embarrass the wrong bureaucrats.

Expand all | Post comment

the girl next door 2003-06-16
Kees Huyser

>Pen testers should have the client detail exactly the scope and extent of the network to be tested -- a range of IP addresses, domains, or physical locations.

But what if you do a WiFi-drive-by test on Bob's network (with permission) and Alice's network next door is vulnerable too? Alice never gave permission, but due to her poor security you might now be liable for damages to her network....

So, for tests of this nature you'd have to get permission from everybody and his brother/sister before doing a pen test, since you never know what you might hit upon.

Impossible and impractical. Good bye pen tests.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/167/20480#20480

Bad Raps for Non-Hacks 2003-06-16
blacklight

Pen-testing own (hosted) domain 2003-06-17
Andy (1 replies)

Pen-testing own (hosted) domain 2003-06-18
Anonymous

Bad Raps for Non-Hacks 2003-06-17
Anonymous (3 replies)

Inadvertent Straying While Pen Testing 2003-06-17
Mark Rasch (1 replies)

Inadvertent Straying While Pen Testing 2003-06-23
Anonymous

Bad Raps for Non-Hacks 2003-06-19
blacklight

Bad Raps for Non-Hacks 2003-06-19
Elc0chin0 (1 replies)

Bad Raps for Non-Hacks 2003-06-23
Ferg (1 replies)

Bad Raps for Non-Hacks 2003-06-24
blacklight

Bad Raps for Non-Hacks 2003-06-18
Elc0chin0

Bad Raps for Non-Hacks 2003-06-20
Hamster1