I think the reason for the original post is because the customer is a fortune 500 company they may choose to keep knowledge of the intrusion in house to avoid embarrassment. What should the pen-testers do in this case? Due to what has been seen it sounds like a fairly sophisticated intrusion that needs to be analyzed and reported so that the security community will know about it. Most certainly the companies whose software is involved should know about it. However, the pen-tester is under contract with the customer and most likely there are clauses on confidentiality that precludes the tester independently choosing what actions should be taken or how far the information about the breech can be disseminated. In the end it's the customers decision isn't it? On Wed, 26 Mar 2003, Harlan Carvey wrote: > From what I understand of your situation, during the > course of a pen-test, you ran across a potential > intruder, potentially in the process of committing a > crime. > > If this is the situation, I have to wonder why you're > bothering to ask the list what to do. One would think > that if your customer is potentially loosing something > very important and valuable, that you'd immediatly > switch from pen-test mode to forensics mode...or at > the very least inform the customer. > > I guess I just don't understand why there's any > indecision at all... > > __________________________________________________ > Do you Yahoo!? > Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! > http://platinum.yahoo.com > > top spam and e-mail risk at the gateway. > SurfControl E-mail Filter puts the brakes on spam & viruses > and gives you the reports to prove it. See exactly how much > junk never even makes it in the door. Free 30-day trial: > http://www.surfcontrol.com/go/zsfptl1 top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.surfcontrol.com/go/zsfptl1
This archive was generated by hypermail 2b30 : Thu Mar 27 2003 - 09:06:36 PST