Madkat Posted November 15, 2006 Share Posted November 15, 2006 I'm Jason Millworth, owner of Custom Geek Computer Security. While looking up different forklift companies for a client, I happened to have found your site, a website my client was looking for. They asked me to do a penetrationtest on your server to get a "Cross Reference" from your company. They statedthat you must be a distributor for Intrupa, and they are not. I have a twenty-eight page list of all the vulnerablilties on your server. If I recieve a copy of your Cross Reference I will gladly give you the list of vulnerablilties, or fix the vulnerablilties on your server. Thank you, Jason Millworm Custom Geek Computer Security Milwaukee, WI The above sent was sent to a company my mom needed a cross reference from, and Didn't feel like hacking.. Heh. Quote Link to comment Share on other sites More sharing options...
Sparda Posted November 15, 2006 Share Posted November 15, 2006 This is gray hat: You looked for vulnerabilities with out permission (so you can get arrested and prosecuted), but instead of abusing the found vulnerabilities, you informed them of the vulnerabilities. Quote Link to comment Share on other sites More sharing options...
burn Posted November 15, 2006 Share Posted November 15, 2006 Why are the names different on the email? The first sentence says Jason Milworth while the signature says Jason Milworm. Quote Link to comment Share on other sites More sharing options...
Famicoman Posted November 15, 2006 Share Posted November 15, 2006 Why are the names different on the email? The first sentence says Jason Milworth while the signature says Jason Milworm. Uh-oh Quote Link to comment Share on other sites More sharing options...
Madkat Posted November 15, 2006 Author Share Posted November 15, 2006 I just got an e-mail saying the e-mails don't exist .. Oh Well.. I was reading about Milw0rm in "Art of Deception" while I was sendingthis e-mail.. Otherwise, think it would work? Quote Link to comment Share on other sites More sharing options...
Sparda Posted November 15, 2006 Share Posted November 15, 2006 I think it would get you arrested Quote Link to comment Share on other sites More sharing options...
degoba Posted November 16, 2006 Share Posted November 16, 2006 methinks it would get you arrested as well. Quote Link to comment Share on other sites More sharing options...
cooper Posted November 16, 2006 Share Posted November 16, 2006 This is gray hat: You looked for vulnerabilities with out permission (so you can get arrested and prosecuted), but instead of abusing the found vulnerabilities, you informed them of the vulnerabilities. No, this is black hat. It's extortion. I've found that your shop doesn't react well to pipe bombs. It would be a mighty shame if one were to go off here, now wouldn't it? Might put you right out of business I reckon. As it just so happens, I have a contract here, and if you sign at the dotted line plus give me $50 per hour from now to infinity, I can assure you nobody will ever be able to place a pipe bomb here. Oh, did I tell you about our special offer on mugging protection? Quote Link to comment Share on other sites More sharing options...
Garda Posted November 16, 2006 Share Posted November 16, 2006 i think you should check for spelling and grammer before sending anything that's supposed to sound sophisticated Quote Link to comment Share on other sites More sharing options...
renegadecanuck Posted November 16, 2006 Share Posted November 16, 2006 This is gray hat: You looked for vulnerabilities with out permission (so you can get arrested and prosecuted), but instead of abusing the found vulnerabilities, you informed them of the vulnerabilities. No, this is black hat. It's extortion. I've found that your shop doesn't react well to pipe bombs. It would be a mighty shame if one were to go off here, now wouldn't it? Might put you right out of business I reckon. As it just so happens, I have a contract here, and if you sign at the dotted line plus give me $50 per hour from now to infinity, I can assure you nobody will ever be able to place a pipe bomb here. Oh, did I tell you about our special offer on mugging protection? Yup, it's no different than a mob making you pay protection. If anybody send you an email like that, report them. Quote Link to comment Share on other sites More sharing options...
Sparda Posted November 16, 2006 Share Posted November 16, 2006 Now we are in to the gray area of what is and is not black hat, I think I will say what I think is gray hat> gray hating is looking for vulnerabilities in some one else's software (or network) with out due permission. Then reporting all found vulnerabilities and offering to help the person in charge fix the problems. (There will be no logs of actual attack because one didn't take place). Note how there is no personal gain involved. Black hatting would be where you threaten them and ask for money, or just go straight ahead and brake in and do what ever you want. Are my definitions confused? Quote Link to comment Share on other sites More sharing options...
Duelus Posted November 16, 2006 Share Posted November 16, 2006 First off lying = bad Second blackmailing = bad Quote Link to comment Share on other sites More sharing options...
cooper Posted November 16, 2006 Share Posted November 16, 2006 Are my definitions confused? Probably not, but you chose to ignore this little line from the message: If I recieve a copy of your Cross Reference I will gladly give you the list of vulnerablilties, or fix the vulnerablilties on your server. That's what makes this extortion. Quote Link to comment Share on other sites More sharing options...
Sparda Posted November 16, 2006 Share Posted November 16, 2006 Ye, missed that ;) Quote Link to comment Share on other sites More sharing options...
kickarse Posted November 17, 2006 Share Posted November 17, 2006 If it's sooooo important why email? I call BS and it's a blackhatter.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.