Re: [TSCM-L] TeleSweep from securelogix--or--PhoneSweep from Sandstorm from kondrak on 2006-02-07 (file.mbox)

From: kondrak <kon..._at_phreaker.net>
Date: Tue, 07 Feb 2006 06:08:22 -0500

>From - Sat Mar 02 00:57:18 2024
Received: by 10.11.88.14 with SMTP id l14mr284798cwb;
        Thu, 16 Feb 2006 22:38:11 -0800 (PST)
Return-Path: <fernand..._at_iol.pt>
Received: from mx3a.dc.iol.pt (mx3a.dc.iol.pt [193.126.240.148])
        by mx.googlegroups.com with ESMTP id v11si353819cwb.2006.02.16.22.38.08;
        Thu, 16 Feb 2006 22:38:11 -0800 (PST)
Received-SPF: pass (googlegroups.com: best guess record for domain of fernand..._at_iol.pt designates 193.126.240.148 as permitted sender)
Received: from [193.126.166.131] (unknown [193.126.166.131])
        by mx3a.dc.iol.pt ((Email service for IOL isp (apoioao..._at_iol.pt))) with ESMTP id 57201780019F
        for <TSCM-..._at_googlegroups.com>; Fri, 17 Feb 2006 06:38:07 +0000 (UTC)
Received: from 127.0.0.1 (AVG SMTP 7.1.375 [267.15.7/259]); Fri, 17 Feb 2006 06:38:02 +0000
Message-ID: <001101c6338c$b34a5930$83a67ec1_at_homecomputer>
From: "Fernando Martins" <fernand..._at_iol.pt>
To: <TSCM-..._at_googlegroups.com>
References: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAABpvjtH2sCEyK/2j2ldTEcwLnAAAQAAAA0qLpIKcYBE2tWZk7qW+y9wEAAAAA_at_gdis.co.il>
Subject: Re: [TSCM-L] Re: TeleSweep from securelogix--or--PhoneSweep from Sandstorm
Date: Fri, 17 Feb 2006 06:38:00 -0000
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2670

> Did you or anyone else use this software's and satisfied with the brute
> force function?????

Using brute force is a nice way to got into problems during a penetration
test in a customer (even if he agreed with a zero knowledge intrusion audit
... along with a signed contrat of course). The only thing you will prove is
that some or many people are using bad passwords, and that is easy to prove
using social engineering skills. In the other hand, wardiallers to know what
phone number a client have or are using in IP connections is not enough
considering that the good old 56K are not so used anymore.

The most important thing I have learned in IT and physical security audits,
is that the most efective way to know a company and it's vulnerabilities is
knowing the company by asking, asking and asking a lot, to everybody, from
the cleaning staff to the CEO.

FM
Received on Sat Mar 02 2024 - 00:57:18 CST

This archive was generated by hypermail 2.3.0 : Sat Mar 02 2024 - 01:11:44 CST