undefined | Better HN

0 pointsDylan1680713y ago0 comments

But you wouldn't call reconnaissance hacking, would you? That's just vaguely looking at the site and information about the company. Step 2, pointed at something like a webserver, does not connect to any systems the person is not supposed to have access to. Only step 3 crosses the line.

0 comments

puerto13y ago

Good point, I wouldn't call reconnaissance hacking. For two reasons: 1) It's a passive method 2) It's not done on the attacked system.

Scanning is an active method and it's done on the attacked system. Web scanning is not the same as web crawling (downloading pages of the site). It include all kinds of invasive tests, like SQL Injection, XSS, command injection and other attack attempts. It can cause many kinds of problems, named here in this thread.

From security perspective, scanning is an attack. Everyone who uses these tools should be aware of this.

j / k navigate · click thread line to collapse

0 pointsDylan1680713y ago0 comments

0 comments

puerto13y ago

Good point, I wouldn't call reconnaissance hacking. For two reasons: 1) It's a passive method 2) It's not done on the attacked system.

From security perspective, scanning is an attack. Everyone who uses these tools should be aware of this.

j / k navigate · click thread line to collapse