[Owasp-board] Proposed policy on unauthorized hacking at conferences

Michael Coates michael.coates at owasp.org
Sat Oct 27 22:22:24 UTC 2012


My two cents: approach this as a learning opportunity too. By this I mean
we could not only include the verbiage that says unauthorized hacking is
not tolerated, but also include some info on why we have that position and
also speak to the merits of responsible disclosure.

Of course also include references to valid hacking areas like CTF or
learning labs.

Michael
On Oct 27, 2012 11:21 AM, "Mark Bristow" <mark.bristow at owasp.org> wrote:

> GCC,
>
> Any further comment?  Or shall we vote?
>
> -Mark
>
> Sent from my wireless device
>
> On Oct 27, 2012, at 12:11 PM, Eoin <eoin.keary at owasp.org> wrote:
>
> Yes sounds good.
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 26 Oct 2012, at 09:57, Mark Bristow <mark.bristow at owasp.org> wrote:
>
> GCC,
>
> See below.  I would think it's self-explanatory but apparently not.
>
>  I'd like to propose the following new policy:
>
> Any attendee discovered conducting unauthorized access (physical or
> electronic) at an OWASP hosted event will be immediately asked to leave
> without refund.  The victim of the unauthorized access will be notified and
> the matter referred to the board for consideration of further action.
>
> -Mark
>
> Sent from my wireless device
>
> Begin forwarded message:
>
> *From:* "gregory.disney" <gregory.disney at owasp.org>
> *Date:* October 25, 2012, 11:58:42 PM EDT
> *To:* owasp-leaders at lists.owasp.org, OWASP AppSec USA <appsecusa at owasp.org>
> *Subject:* *[Owasp-leaders] Connect to Hyatt router at appsec*
>
> ESSID: Hyatt
> http://207.238.37.130/superclick/hsia_accept.php
> just click the link and run
> There is no real authentication on the server, tsk tsk for zero security
> on a Debian server.
> OWASP ZAP found this exploit in 10 mins
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>