RE: Pre-Scanning for Marketing



I don't recall the company's name but there is folklore about a company in
San Diego that did this on a military site and ended up with criminal
charges filed against them.

It's hard to imagine you can make a credible case for how serious the
vulnerabilities might be without crossing the line and actually being
invasive.

I, for one, wouldn't want a client that was impressed by this kind of
marketing.

KWK

-----Original Message-----
From: Kurt Seifried [mailto:bt@xxxxxxxxxxxx]
Sent: Saturday, January 14, 2006 1:57 AM
To: Nathan Einwechter; 'Password Crackers, Inc.'; pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: Pre-Scanning for Marketing

> I am interested if anyone on the list has ever tested or implemented a
> marketing program that involved pre-scanning (wired or wireless) a
> prospect
> and then sending a letter or email describing potential vulnerabilities
> and
> offering assistance in closing these vulnerabilities. I have never done
> this because of the anticipated negative reaction, but I am curious as
> to
> what the outcome was if anyone else has done it. Single instances would
> be
> interesting, but I am more curious if anyone has implemented this in a
> more
> broad-based way and has positive and/or negative response rate
> statistics.
>
> Bob Weiss
> Password Crackers, Inc.

I believe there is a term for this form of "marketing".. what's the term...
Oh yes:

"Protection racket"

A protection racket is an extortion scheme whereby a powerful organization
coerces individuals or businesses to pay "protection money" which allegedly
serves to purchase the powerful organization's protection services against
various external threats, whereas the actual threat comes from the powerful
organization itself. Those who do not buy into the protection plan are
targeted by the powerful organization and are harassed to try to force
payment of the protection money.

Honestly if someone sent me such a letter my first reaction would be to call

corporate counsel which would probably be followed by a call to law
enforcement.

-Kurt


----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are

futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



Relevant Pages

  • RE: Pre-Scanning for Marketing
    ... installer there were some Security issue, ... vulnerabilities are easily and efficiently identified. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • RE: Penetration test of 1 IP address
    ... You could use a whole sleth of tools on some server, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Check your website for vulnerabilities to SQL injection, ... Up to 75% of cyber attacks are launched on shopping ...
    (Pen-Test)
  • RE: Pre-Scanning for Marketing
    ... Subject: RE: Pre-Scanning for Marketing ... even though certainly vulnerabilities are ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • RE: Pre-Scanning for Marketing : Analogy Day
    ... of demonstrating vulnerabilities people "need" to know about. ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ... Check your website for ...
    (Pen-Test)
  • RE: Pre-Scanning for Marketing
    ... vulnerabilities are easily and efficiently identified. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)