Jump to content

Social Engerneering at its best.


Madkat

Is this good?  

20 members have voted

  1. 1.

    • Yes
      2
    • No
      1
    • Your an Idiot
      7


Recommended Posts

I'm Jason Millworth, owner of Custom Geek Computer Security. While looking

up different forklift companies for a client, I happened to have found your

site, a website my client was looking for. They asked me to do a penetrationtest on your server to get a "Cross Reference" from your company. They statedthat you must be a distributor for Intrupa, and they are not. I have a

twenty-eight page list of all the vulnerablilties on your server. If I

recieve a copy of your Cross Reference I will gladly give you the list of

vulnerablilties, or fix the vulnerablilties on your server.

Thank you,

Jason Millworm

Custom Geek Computer Security

Milwaukee, WI

The above sent was sent to a company my mom needed a cross reference from, and Didn't feel like hacking.. Heh.

Link to comment
Share on other sites

This is gray hat: You looked for vulnerabilities with out permission (so you can get arrested and prosecuted), but instead of abusing the found vulnerabilities, you informed them of the vulnerabilities.

No, this is black hat. It's extortion.

I've found that your shop doesn't react well to pipe bombs. It would be a mighty shame if one were to go off here, now wouldn't it? Might put you right out of business I reckon. As it just so happens, I have a contract here, and if you sign at the dotted line plus give me $50 per hour from now to infinity, I can assure you nobody will ever be able to place a pipe bomb here.

Oh, did I tell you about our special offer on mugging protection?

Link to comment
Share on other sites

This is gray hat: You looked for vulnerabilities with out permission (so you can get arrested and prosecuted), but instead of abusing the found vulnerabilities, you informed them of the vulnerabilities.

No, this is black hat. It's extortion.

I've found that your shop doesn't react well to pipe bombs. It would be a mighty shame if one were to go off here, now wouldn't it? Might put you right out of business I reckon. As it just so happens, I have a contract here, and if you sign at the dotted line plus give me $50 per hour from now to infinity, I can assure you nobody will ever be able to place a pipe bomb here.

Oh, did I tell you about our special offer on mugging protection?

Yup, it's no different than a mob making you pay protection. If anybody send you an email like that, report them.
Link to comment
Share on other sites

Now we are in to the gray area of what is and is not black hat, I think I will say what I think is gray hat>

gray hating is looking for vulnerabilities in some one else's software (or network) with out due permission. Then reporting all found vulnerabilities and offering to help the person in charge fix the problems. (There will be no logs of actual attack because one didn't take place).

Note how there is no personal gain involved. Black hatting would be where you threaten them and ask for money, or just go straight ahead and brake in and do what ever you want.

Are my definitions confused?

Link to comment
Share on other sites

Are my definitions confused?

Probably not, but you chose to ignore this little line from the message:

If I recieve a copy of your Cross Reference I will gladly give you the list of vulnerablilties, or fix the vulnerablilties on your server.

That's what makes this extortion.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...