From: Paul Melson (pmelson gmail.com)
Date: Sun Oct 28 2007 - 07:51:50 CDT
On 10/27/07, Kristian Erik Hermansen <kristian.hermansen gmail.com> wrote:
> So now what is a pen tester to do? There are some boxes hanging
> around out there on the net pwned, but you don't want to say anything
> because they weren't yours to hack in the first place!??! What is the
> proper etiquette here? If you inform the party, maybe they will want
> to sue you for damages. On the other hand, they are vulnerable. Who
> has been in this situation before?
Everybody that's been doing over-the-net pen testing for any amount of
time, that's who. It depends on the situation as to how best to
handle it, but the ethical thing is to suck it up, try and make
contact with the unintended target, and hope that they will be
reasonable. (That's assuming that they haven't already noticed and
contacted you first.) At that point, you are at the very least
obligated to assist them in understanding and mitigating the
vulnerabilities you've found on their end. For free. Under a
confidentiality agreement.
> Is uplink really that cool?!!?? I tried it once, but I thought it was
> pretty lame. Maybe I didn't give it enough time to enjoy the plot...
Hacker games are about as cool and accurate as hacker movies. But if
you *like* Uplink, then Hacker Evolution will also amuse you:
http://www.exosyphenstudios.com/page_hacker-evolution.html
PaulM
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave