Re: physical security pentesting procedures, tips, audit programs?
Date: 12/11/04

  • Next message: David Bouchard: "Laptop Considerations"
    Date: Sat, 11 Dec 2004 15:03:13 +0100 (CET)

    On Thu, 2004-09-12 at 21.18, Frank Knobbe wrote:

    > Sure, but you show it to management/sponsor. You don't show it to the
    > people affected unless they are involved in a test (like branch managers
    > having you detained in their office).

    > Penetration Testing is all about showing flaws, but to the sponsor, not
    > the folks who commit the violations. It's the responsibility of the
    > sponsors to take action in a way they see fit.

    > Discretion is paramount in these engagements. You just don't leave stuff
    > behind.

    I'm agree with a physical security test, discretion is very
    important..then, what about using the so called "password pen"?

    Watch this:

    With this pen you can write on any surface with invisible to the naked eye
    ink; when you point an UV light on the area you wrote, your tag will
    Imho discreet and effective.


  • Next message: David Bouchard: "Laptop Considerations"