[Dailydave] Location Location Location

Paul Melson pmelson at gmail.com
Sun Oct 28 08:51:50 EDT 2007


On 10/27/07, Kristian Erik Hermansen <kristian.hermansen at gmail.com> wrote:
> So now what is a pen tester to do?  There are some boxes hanging
> around out there on the net pwned, but you don't want to say anything
> because they weren't yours to hack in the first place!??!  What is the
> proper etiquette here?  If you inform the party, maybe they will want
> to sue you for damages.  On the other hand, they are vulnerable.  Who
> has been in this situation before?

Everybody that's been doing over-the-net pen testing for any amount of
time, that's who.  It depends on the situation as to how best to
handle it, but the ethical thing is to suck it up, try and make
contact with the unintended target, and hope that they will be
reasonable.  (That's assuming that they haven't already noticed and
contacted you first.)  At that point, you are at the very least
obligated to assist them in understanding and mitigating the
vulnerabilities you've found on their end.  For free.  Under a
confidentiality agreement.


> Is Uplink really that cool?!!??  I tried it once, but I thought it was
> pretty lame.  Maybe I didn't give it enough time to enjoy the plot...

Hacker games are about as cool and accurate as hacker movies.  But if
you *like* Uplink, then Hacker Evolution will also amuse you:

http://www.exosyphenstudios.com/page_hacker-evolution.html


PaulM

