[Owasp-board] Proposed policy on unauthorized hacking at conferences

Mark Bristow mark.bristow at owasp.org
Fri Oct 26 14:57:44 UTC 2012


GCC,

See below.  I would think its self explanatory but apparently not.

I'd like to propose the following new policy:

Any attendee discovered conducting unauthorized access (physical or
electronic) at an OWASP hosted event will be immediately asked to leave
without refund.  The victim of the unauthorized access will be notified and
the matter referred to to board for consideration further action.

-Mark

Sent from my wireless device

Begin forwarded message:

*From:* "gregory.disney" <gregory.disney at owasp.org>
*Date:* October 25, 2012, 11:58:42 PM EDT
*To:* owasp-leaders at lists.owasp.org, OWASP AppSec USA <appsecusa at owasp.org>
*Subject:* *[Owasp-leaders] Connect to Hyatt router at appsec*

ESSID: Hyatt
http://207.238.37.130/superclick/hsia_accept.php
just click the link and run
There is no real authentication on the server, tisk tisk for zero security
on a Debian server.
OWASP Zap found this exploit in 10 mins

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20121026/43f8eaa1/attachment.html>


More information about the Owasp-board mailing list