[Owasp-board] [Global_conference_committee] Proposed policy on unauthorized hacking at conferences

Eoin eoin.keary at owasp.org
Mon Oct 29 15:08:44 UTC 2012


Josh, good idea. Put in T&C's for registrations, delegates and members alike.
Love Austin/Texas btw!!


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 29 Oct 2012, at 15:02, Josh Sokol <josh.sokol at owasp.org> wrote:

> FWIW, I fully support this.  Might not be a bad idea to include this verbiage as a disclaimer that people agree to when they register for the conference as well as published in the attendee brochure.
> 
> ~josh
> 
> On Sun, Oct 28, 2012 at 4:39 AM, Mohd Fazli Azran <fazli at owasp.org> wrote:
>> To make our conference are better and high value we need to make this policy enforce and must be disclose.
>> 
>> On Oct 28, 2012 6:22 AM, "Michael Coates" <michael.coates at owasp.org> wrote:
>>> My two cents: approach this as a learning opportunity too. By this I mean we could not only include the verbiage that says unauthorized hacking is not tolerated, but also include some info on why we have that position and also speak to the merits of responsible disclosure.
>>> 
>>> Of course also include references to valid hacking areas like ctf or learning labs.
>>> 
>>> Michael
>>> 
>>> On Oct 27, 2012 11:21 AM, "Mark Bristow" <mark.bristow at owasp.org> wrote:
>>>> GCC,
>>>> 
>>>> Any further comment?  Or shall we vote?
>>>> 
>>>> -Mark
>>>> 
>>>> Sent from my wireless device
>>>> 
>>>> On Oct 27, 2012, at 12:11 PM, Eoin <eoin.keary at owasp.org> wrote:
>>>> 
>>>>> Yes sounds good.
>>>>> 
>>>>> Eoin Keary
>>>>> Owasp Global Board
>>>>> +353 87 977 2988
>>>>> 
>>>>> 
>>>>> On 26 Oct 2012, at 09:57, Mark Bristow <mark.bristow at owasp.org> wrote:
>>>>> 
>>>>>> GCC,
>>>>>> 
>>>>>> See below.  I would think its self explanatory but apparently not.
>>>>>> 
>>>>>> I'd like to propose the following new policy:
>>>>>> 
>>>>>> Any attendee discovered conducting unauthorized access (physical or electronic) at an OWASP hosted event will be immediately asked to leave without refund.  The victim of the unauthorized access will be notified and the matter referred to to board for consideration further action.
>>>>>> 
>>>>>> -Mark
>>>>>> 
>>>>>> Sent from my wireless device
>>>>>> 
>>>>>> Begin forwarded message:
>>>>>> 
>>>>>>> From: "gregory.disney" <gregory.disney at owasp.org>
>>>>>>> Date: October 25, 2012, 11:58:42 PM EDT
>>>>>>> To: owasp-leaders at lists.owasp.org, OWASP AppSec USA <appsecusa at owasp.org>
>>>>>>> Subject: [Owasp-leaders] Connect to Hyatt router at appsec
>>>>>>> 
>>>>>>> ESSID: Hyatt
>>>>>>> http://207.238.37.130/superclick/hsia_accept.php
>>>>>>> just click the link and run
>>>>>>> There is no real authentication on the server, tisk tisk for zero security on a Debian server. 
>>>>>>> OWASP Zap found this exploit in 10 mins
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>> 
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> 
>>> _______________________________________________
>>> Global_conference_committee mailing list
>>> Global_conference_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>> 
>> _______________________________________________
>> Global_conference_committee mailing list
>> Global_conference_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20121029/08982749/attachment.html>


More information about the Owasp-board mailing list