Re: Pen Test mistake

From: Dave Powell (davep+_at_pitt.edu)
Date: 08/22/03

  • Next message: Brad Bemis: "RE: Pen Test mistake" 
    Date: Thu, 21 Aug 2003 18:18:55 -0400

    Hi all! Longtime lurker, firstime poster here...

    Just a quick question - was the IP address you were given incorrect, or did you do a typo when entering it into the software?
    Also, how bad did your "friend" own the boxes...was it really obvious?

    Anyway,
    <my $.02>
    Talk to a lawyer.

    Personally, I would be inclined to clean up the mess and try to pretend it didn't happen, because depending on who you actually did hit (do you
    know?) they may not even know (given the poor state of security of many networks), or be able to *prove* it was you. Hopefully, their IDS and
    logging systems are as good as their patching routine ie: not very :)

    If you tell them, you will be 1) embarrassing the execs and 2) giving them a target to vent this anger upon, they will then blame your "friend" for
    *anything* they can (whether or not it is actually related), and go straight for your "friends" $$$ to compensate.

    In other words, What They Don't Know Can't Hurt You. :)

    In the meantime you may want to take your "friends" $$$ out of the bank and bury it in a deep hole in a secret location (maybe give it to ***
    Cheney?).
    And start lifting weights.
    </my $.02>

    DaveP
    HSLS Systems

    ---------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier
    technical IT security event. Modeled after the famous Black Hat event in
    Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
    ----------------------------------------------------------------------------

  • Next message: Brad Bemis: "RE: Pen Test mistake"
    • Quantcast