E-Mail Pen-Testing

From: Security Tester (idstester_at_hotmail.com)
Date: 03/22/04

  • Next message: Joe Blatz: "Re: Email Pen-testing"
    To: pen-test@securityfocus.com
    Date: Mon, 22 Mar 2004 12:22:46 +0000
    
    

    Blake,

    I have found this sort of testing to be appropriate, as long as you have
    laid it out clearly in your ROE from the beginning. If you are planning on
    using an e-mail Trojan, you must give specific assurances to your client
    that the Trojan will only perform a certain function and nothing else.

    People do not like to be blindsided with this sort of thing, but it is,
    IMHO, a necessary evil to demonstrate the lack of security with regards to
    e-mail. I say go for it... But never perform this attack without first
    clearing it with the client.


