The little goblin part of my brain wants to do something minorly malicious to prove my point, but that would be rude on my end.

Discussion

That's called a White Hat Wake-up. You can do it tactfully.

Not really. Yes, they pay me for security and server hosting, but without explicit pentesting permission I could get sued for something like that.

Yes you can. It's called a "real time demo". Make a fake employee to be the target, make fake documents that indicate typical data they would store (customer records, balance sheet, HR records, or whatever would be typical for their dept/industry), then hold a meeting where you demonstrate a compromise.

The resulting information should be 100% financial, showing how much they can lose, and how much they can spend to prevent the loss.