once a month I do a security audit on 100+ web
sites using only a standard web browser: Netscape
by name. The summary is on my site at
http://www.asrdesigns.ltd.uk/security.html
I have written to a number of the webmasters of
sites that I rate as ‘severe vulnerability’
(about 14% of sites) offering a commercial
service at less than $300. Their attitude ranges
from accusing me of black mail to ‘so what’. So
what if I can get to the home address and
telephone number of employees? So what if I can
access the client databases? So what if I can
get to user names and crack their passwords? And
as to black mail, $300 would not cover my phone
bill some months.
Perhaps WebMasters and Server Administrators arescared to accept specialist assistance as they
see it as weakness on their own part. In the
mean time the information that they are the
guardians of is open to less benevelant
observation than mine.
Regards, Robert.
