[Owasp-board] [Global_conference_committee] Proposed policy on unauthorized hacking at conferences

Josh Sokol josh.sokol at owasp.org
Mon Oct 29 15:02:47 UTC 2012


FWIW, I fully support this.  Might not be a bad idea to include this
verbiage as a disclaimer that people agree to when they register for the
conference as well as published in the attendee brochure.

~josh

On Sun, Oct 28, 2012 at 4:39 AM, Mohd Fazli Azran <fazli at owasp.org> wrote:

> To make our conferences better and of high value, we need to make this
> policy enforced, and it must be disclosed.
> On Oct 28, 2012 6:22 AM, "Michael Coates" <michael.coates at owasp.org>
> wrote:
>
>> My two cents: approach this as a learning opportunity too. By this I mean
>> we could not only include the verbiage that says unauthorized hacking is
>> not tolerated, but also include some info on why we have that position and
>> also speak to the merits of responsible disclosure.
>>
>> Of course also include references to valid hacking areas like CTF or
>> learning labs.
>>
>> Michael
>> On Oct 27, 2012 11:21 AM, "Mark Bristow" <mark.bristow at owasp.org> wrote:
>>
>>> GCC,
>>>
>>> Any further comment?  Or shall we vote?
>>>
>>> -Mark
>>>
>>> Sent from my wireless device
>>>
>>> On Oct 27, 2012, at 12:11 PM, Eoin <eoin.keary at owasp.org> wrote:
>>>
>>> Yes, sounds good.
>>>
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>>
>>>
>>> On 26 Oct 2012, at 09:57, Mark Bristow <mark.bristow at owasp.org> wrote:
>>>
>>> GCC,
>>>
>>> See below.  I would think it's self-explanatory but apparently not.
>>>
>>>  I'd like to propose the following new policy:
>>>
>>> Any attendee discovered conducting unauthorized access (physical or
>>> electronic) at an OWASP hosted event will be immediately asked to leave
>>> without refund.  The victim of the unauthorized access will be notified and
>>> the matter referred to the board for consideration of further action.
>>>
>>> -Mark
>>>
>>> Sent from my wireless device
>>>
>>> Begin forwarded message:
>>>
>>> *From:* "gregory.disney" <gregory.disney at owasp.org>
>>> *Date:* October 25, 2012, 11:58:42 PM EDT
>>> *To:* owasp-leaders at lists.owasp.org, OWASP AppSec USA <
>>> appsecusa at owasp.org>
>>> *Subject:* *[Owasp-leaders] Connect to Hyatt router at appsec*
>>>
>>> ESSID: Hyatt
>>> http://207.238.37.130/superclick/hsia_accept.php
>>> just click the link and run
>>> There is no real authentication on the server, tisk tisk for zero
>>> security on a Debian server.
>>> OWASP Zap found this exploit in 10 mins
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>> _______________________________________________
>> Global_conference_committee mailing list
>> Global_conference_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>
>>