Re: Pre-Scanning for Marketing

On Tue, Jan 10, 2006 at 10:10:52AM -0500, Password Crackers, Inc. wrote:
> I am interested if anyone on the list has ever tested or implemented a
> marketing program that involved pre-scanning (wired or wireless) a prospect
> and then sending a letter or email describing potential vulnerabilities and
> offering assistance in closing these vulnerabilities. I have never done
> this because of the anticipated negative reaction, but I am curious as to
> what the outcome was if anyone else has done it. Single instances would be
> interesting, but I am more curious if anyone has implemented this in a more
> broad-based way and has positive and/or negative response rate statistics.

Even if you put aside the ethical issues, I think it's going to be

Over time I've done unsolicited poking around of networks that probed me,
or of organizations I had some affinity for, and found problems. I have
reported them in great detail, including both technical aspects and the
real-world impact ("I can see your My Documents"), urging them to talk
to their local security consultant to get this addressed. I specifically
disclaimed any trolling-for-work aspects (I've never taken a paid
engagement from an unsolicited security report).

These reports could never have been confused with a threat, a shakedown,
or a solicitation for work, and it didn't require taking my word
for anything -- any competent computer user could have verified it.

My response rate is about: 80% make no reply of any kind, 10% are grateful
and fix the problem, 5% are grateful but don't fix the problem, and 5%
are outright *hostile* and treat me as the bad guy.

Example: Some years ago I found that the ACM - a group who ought to have
had some kind of clue on appreciating security issues - had a totally
wide open network at their headquarters. I sent a long, detailed note
with the details, and I was told to *get lost*.

I persisted and convinced them that they had a problem, and they very
reluctantly allowed me to help them fix it for free. There was a lot
more they should have fixed, but it was clear that they were reticent
to look at this. I wasn't getting anything out of it, so I gave up.

This kind of thing has happened so often, so consistently, that I stopped
sending unsolicited reports: why bother?

I think that attempting to turn this into engagements is likely to
be really unsatisfying.


Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561 | Tustin, Calif. USA | Microsoft MVP | steve@xxxxxxxxxxx

