Security Basics mailing list archives
RE: application for an employment
From: "Craddock, Larry" <l_craddock () wfec com>
Date: Mon, 3 Apr 2006 09:16:48 -0500
-----Original Message----- From: Hans Meier (John Doe) [mailto:security.department () tele2 ch] Sent: Friday, March 31, 2006 9:17 AM To: security-basics () securityfocus com Subject: Re: application for an employment I have another analogy try (sorry for that :-) : Putting a box with a public IP on a public net offering public services is like presenting products in a Walmart or an Aldi respectively. I'm neither obliged to know what I'll buy before visiting the store, nor to only buy products that have been advertised. I look at different places, and search, to see what's availabe, and touch. This is all legal.
Not a bad analogy but a better fit would be to take one step back. The store is only public when it's open and the road that gives access to it and other stores is what's always public. You're free to search that road for open stores but even that doesn't require rattling the knobs and checking the windows. And once inside you're free to inspect the items they've placed there for sale but giving you entry into the store doesn't imply free access to all their resources. For instance, if you decide that maybe you should be able to inspect Walmart's books and make yourself at home at the manager's desk in their office, you can probably expect to be escorted out. They probably have employee records in there someplace. They possibly have a break room with a refrigerator where employees may have placed some of the very same items the store sells. Do you have a right to those? Would you even THINK you did? No ... it's obvious what's for sale and what's not. Does the fact that they have public offerings give anyone a right to walk in and inspect their employee records? No, it's obvious what's for sale and what areas in the store you're welcome to visit. It's not much different with internet servics. I know where I should be and if I end up someplace where I shouldn't be it's because I made a conscious effort to get there and knowingly disregarded the wishes of the owner. As vague and fuzzy as some would like to make this, it's really not all that complicated, at least not from practical and ethical viewpoints. It may in fact be very complicated from a legal standpoint but then you seldom enter that arena without having done something that's at least questionable. Those who attempt to make it appear complicated do so to justify their own preferences and/or activities. I've been involved with internet services for around 12 years and I can tell you for an absolute fact I've NEVER needed to portscan some network to "find out what services they offer." That's nothing but an excuse. Larry Craddock --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: application for an employment, (continued)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Raoul Armfield (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)
- RE: application for an employment Ramsdell, Scott (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 05)
- RE: application for an employment John E. Fleming (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 05)
- RE: application for an employment onowlin (Apr 03)
- RE: application for an employment Craddock, Larry (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 03)
- Re: application for an employment c.s.wright (Apr 04)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)
- Message not available
- Re: Port scanning/illegalities Ansgar -59cobalt- Wiechers (Apr 05)
- RE: Port scanning/illegalities Ramsdell, Scott (Apr 06)
- Re: Port scanning/illegalities Ansgar -59cobalt- Wiechers (Apr 06)
- Re: Port scanning/illegalities Jeffrey F. Bloss (Apr 07)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)
- RE: application for an employment Craig Wright (Apr 03)