Hmmm - that sounds like me. Basically there were a couple of chaps on the
list warbling on about the insecurity of MSProxy 2.0, so I invited them to
put their money where their mouths were by trying to hack a test server I
set up specifically for that purpose.
A number of people did actually take part in the test, and while no
vulnerabilities were found with MSP, a DoS attack was found against the
underlying IIS software (see the GET fix for IIS on microsoft.com).
However, not as much people as I'd expected actually took part - certainly I
don't think any of the anti-MS pontificators did ;-).
Paying a "professional service" to run a penetration test against your
system sound like an interesting one. How much can one expect to pay for
this kind of service, and how would you identify if they are "professional"
or not?
Regards,
Brian Steele
-----Original Message-----
From: P L STEINBRUCH <[EMAIL PROTECTED]>
To: Joshua Chamas <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, 31 March, 1999 9:38 PM
Subject: Re: Hacking Contest ?
>Joshua.
>
>Don't do it. Period.
>
>Some months ago we had such a discussion(see archives,if you wish).
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
