This one beats them all and it’s going to make me laugh until tonight:
-
In all fairness security shouldn't depend on any one layer of protection, but yes, this is really rather ridiculous. So yes, Stefano, I'm pretty sure you understood the request correctly.
Let's also make sure indeed that they also have login credentials that will let them log in as root. Maybe email them the SSH host private keys while we're at it?
-
This one beats them all and it’s going to make me laugh until tonight:
“I’ve been assigned to carry out a penetration test on a server you manage. The test will be performed from the outside, since the perimeter security needs to be assessed. In order to perform the test, I therefore ask you to disable any firewall, protection, blacklist. If any of these are in place, the server might not be reachable and could prevent the assessment.”
I had to read it three times just to make sure I’d understood it properly.
@stefano Are they testing the equipment or are they testing the staff? (Though anyone who falls for someone asking them to do that deserves to be sacked.)
-
@stefano "please open an attack vector for me. I need to get paid"
@clf or "open an attack vector, otherwise I don't know how to proceed"
-
@stefano Are they testing the equipment or are they testing the staff? (Though anyone who falls for someone asking them to do that deserves to be sacked.)
@beecycling officially, "how the services are vulnerable from the Internet"
-
This one beats them all and it’s going to make me laugh until tonight:
“I’ve been assigned to carry out a penetration test on a server you manage. The test will be performed from the outside, since the perimeter security needs to be assessed. In order to perform the test, I therefore ask you to disable any firewall, protection, blacklist. If any of these are in place, the server might not be reachable and could prevent the assessment.”
I had to read it three times just to make sure I’d understood it properly.
@stefano At my previous job company hired someone for such test. One of requirements was to install their a server on our network for duration of test. So they can better understand network topology and services to test.
-
This one beats them all and it’s going to make me laugh until tonight:
“I’ve been assigned to carry out a penetration test on a server you manage. The test will be performed from the outside, since the perimeter security needs to be assessed. In order to perform the test, I therefore ask you to disable any firewall, protection, blacklist. If any of these are in place, the server might not be reachable and could prevent the assessment.”
I had to read it three times just to make sure I’d understood it properly.
You couldn't make that up.
-
@stefano At my previous job company hired someone for such test. One of requirements was to install their a server on our network for duration of test. So they can better understand network topology and services to test.
@anparker this makes some sense. They can study the network from inside. But still...
-
@mms You deserve it much more than them
-
@stefano yeah these are ridiculous. Why the hell would you disable your firewall? Also these aren't penetration tests, they're just vulnerability scanners.
-
@stefano Give him your user and the root password just to make sure the pen test goes as expected
-
-
@raymaccarthy @pertho Extremely appropriate definition!
-
J jwcph@helvede.net shared this topic
vibes
