Security Basics mailing list archives
RE: application for an employment
From: "Craig Wright" <cwright () bdosyd com au>
Date: Sat, 25 Mar 2006 09:17:40 +1100
Hi Lg I am completing an LLM in International Commerce Law focusing on ecommerce and computer crime (I am an academic junkie). Does this make me versed? Well it will depend on the jusristiction and level of the court. First there is Civil and Common law (and I am from a common law background). Next ther eis the issue that the UK and continental Europe have joint EC treaties. Thus EC directives overrule UK law. Australian and NZ look at decisions in the UK, but they are not binding. The US, though derived from commn law has it's own set of legistlation. Next in places like the US and Australia there are Federal, State and other levels of law. Some like deligated legistlation (eg councils) may only be civilly acted. The issues need to be looked at from criminal and civil angles. They are in no manner the same. A course in basic jurisprudence would be good compulsory high school course - it is amazing the lack of knowledge in our legal systems. I will stay away from civil law. Although EU law does cause an overlaw, this is an advanced topic and the basics nned to be defined first - well beyond the scope of this post. Common law is "judge made law". Although statutory law is made by parliment it needs to be "interpreted" by the judiciary. This is where precedent come in. Civil law does not place as much emphasis on precedent. The level of the court also determined the weight of precedent. The simple way to look at this is to look through the eyes of the judge. They are not (generally) even remotely computer literate (with one or two exceptions worldwide). They see this as a common law action in property.This is: Is there damage to property? Has there been a violation to the right to use property? Was there access to the property without permission (eg tresspass)? This does not mean that there was a criminal violation. There may only be a civil (not the same as Civil) violation. There is a difference from civil and criminal tresspass. Both get you into trouble - the issue is the level of trouble. Mathias did not access the systems or alter any data and cuased no damage from what was stated. There is a weak arguement of theft of bandwidth, but this is not likely to succeed (unless Mathias was silly enough to pleed quilty). He has not thus (quite) commited a criminal offence. There is no way to demonstrate the necessary Mens Rea (intent for all purposes - means guilty mind). On the other hand, (and the US is a common law duristiction, Not Civil) he has violated the civil law rights to property of the university. If he worked there, they could use this to take action to sack him. They could also seek damages. Being that he did not yet work there there is not a contractual etc issue. This means that the Uni could seek to extract damages from Mathias in Tort. I will not go into Tort here - it is a whole discipline in itself, but let us just state damages for his actions (technically wrong I know, but this is a gross oversimplification). He will not end up in goal, but there are worse things. The damages claims in the US are not like damages claims in Commonwealth countries. Damages in the US can have you in debt for a long time. The Restatement (Second) of Torts § 217 defines trespass to chattels as “intentionally… dispossessing another of the chattel, or using or intermeddling with a chattel in the possession of another.” He has clearly intermedded with the rights of the University to their property. This is not a criminal act, but still is a breach of the legal rights of the Uni. Read more on - the tort of trespass to chattels. writ of trespass de bonis asportatis. intangible assets including choses in action There would likely also be action in regards to the Tort of Invasion of privacy Regard Craig -----Original Message----- From: L G [mailto:nitziya74 () hotmail com] Sent: Thu 23/03/2006 11:23 AM To: security-basics () securityfocus com Cc: Subject: Re: application for an employment This is a good thread which begs further discussion. My question is, at what point is it illegal? Do we have correspondents on this list better versed in the law? Obviously, based Randal's experience, you need to be careful in Oregon, but at what point is port scanning illegal? And what are the precedents? Is dig-ing illegal? Are not dns entries, domain names and associated ip ranges, and net block owners all public knowledge? I guess the crudest part of my question is, was Mathias picking a lock, or did he see a door hanging wide open? And at what point is someone going through an open door versus looking in a window versus admiring someone's architecture from the street? lg ----- Original Message ----- From: "Al Gettier" <agettier () tealeaf com> To: <security-basics () securityfocus com> Sent: Tuesday, March 21, 2006 1:57 PM Subject: RE: application for an employment What you did might be illegal without their permission. Take a look at the Randal Schwartz situation over 10 years ago: http://www.lightlink.com/spacenka/fors/ -----Original Message----- From: Steveb () tshore com [mailto:Steveb () tshore com] Sent: Tuesday, March 21, 2006 7:14 AM To: MatzeGuentert () gmx de; security-basics () securityfocus com Subject: RE: application for an employment Not if you want them to employ you. It's not good practice to probe their network without their permission. There may be a serious lack of trust if you reveal to them that you where doing so without going through proper channels. -----Original Message----- From: Matthias Güntert [mailto:MatzeGuentert () gmx de] Sent: Monday, March 20, 2006 7:46 AM To: security-basics () securityfocus com Subject: application for an employment Dear listmembers, i am seeking for a new job as a Unix/Linux systemadministrator. There has been an advertisement at a well known university. So I started to prepare my self for the application. While collecting some information about the network, using nmap, dig, etc... I was able to read the whole namespace from the ip range (255.255.0.0) My question is should I use some of the information I have found out to push my application forward? What do you think how a director would react? -- Mit freundlichen Grüßen Matthias Güntert --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.
Current thread:
- RE: application for an employment, (continued)
- RE: application for an employment Lalit Gupta (Mar 22)
- RE: application for an employment Sadler, Connie (Mar 22)
- Re: FW: application for an employment Matthias Güntert (Mar 22)
- RE: application for an employment Craddock, Larry (Mar 27)
- RE: application for an employment Woods_Beau (Mar 27)
- RE: application for an employment David Gillett (Mar 27)
- RE: application for an employment Murad Talukdar (Mar 28)
- RE: application for an employment Soderland, Craig (Mar 27)
- RE: application for an employment Craig Wright (Mar 27)
- RE: application for an employment David Gillett (Mar 27)
- RE: application for an employment Craig Wright (Mar 27)
- RE: application for an employment Andrew Williams (Mar 27)
- RE: application for an employment Craig Wright (Mar 28)
- RE: application for an employment Craig Wright (Mar 28)
- RE: application for an employment Craig Wright (Mar 28)
- RE: application for an employment Craig Wright (Mar 28)
- Re: application for an employment Cesc (Mar 29)
- RE: application for an employment Craig Wright (Mar 29)
- RE: Spam:RE: application for an employment Mark Gorman (Mar 29)
- Re: Spam:RE: application for an employment Ian Scott (Mar 30)
- RE: Spam:RE: application for an employment Mark Gorman (Mar 29)
- RE: application for an employment Craig Wright (Mar 29)
(Thread continues...)