Re: Insurance

From: Tom (tom@digitaloffense.net)
Date: 11/27/02

  • Next message: M. Zeeshan Mustafa: "Re: Lotus Notes"
    From: Tom <tom@digitaloffense.net>
    To: pen-test@securityfocus.com
    Date: Wed, 27 Nov 2002 14:52:30 -0600
    
    

    On Tuesday 26 November 2002 13:23, SDuffy@NCIINC.com wrote:
    > I would say first cover yourself with loads of permissions! Make
    > sure you have a point of contact that knows what you are doing from
    > the company your testing.

    The only other thing I would add to this that has not already been stated is
    that if your client is hosting mail or web services off-site, you'll need to
    make sure that you get authorization from the off-site provider as well.

    There are a number of hosting providers and ISP's that will only allow testing
    with their consent, and only then if the server is dedicated to the one
    client and not shared with any others.

    Don't just assume that if your principle client gives you permission to test
    that you have carte blanche to test anything that that has their name on it.

    Tom

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/



    Relevant Pages

    • RE: IP Range
      ... your client contact their ISP and collect the list for you. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)
    • Re: W2K Terminal Services pwd cracker
      ... but with TSGrinder ... Anyway, even with the TS ActiveX client scripted, the server setup had to ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
      (Pen-Test)
    • Re: IP Range
      ... I use the following site to check the IP blocks of a client. ... >> This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
      (Pen-Test)
    • "Get out of Jail Free" client doc
      ... I am about to do a vulnerability assessment for a larger client. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
      (Pen-Test)
    • RE: Windows 2003 x64 print server problems
      ... NTFS permissions on the Spool folder. ... Enable the guest account on the computer that is hosting the shared ... On the client computer, log on as the user and add the printer. ... Please uncheck "Automatically detect and install my Plug and Play ...
      (microsoft.public.windows.server.general)