RE: application for an employment

["Lalit Gupta" <lalit.gupta () lgsoftindia com>]

Hi,

In my personal opinion, you should mention in general somewhere in CV that you can do something like this also, DONOT 
EVER WRITE THE NAME OF UNIVERSITY and actual facts, and if at all you are called for interview, share your experience 
there (only after you asked specifically for you first hand experience of security at the university). That would 
definitely help you out.

Regards,

Lalit Gupta, Specialist-Information Security

Great LGSI Great Security

-----Original Message-----
From: PCSC Information Services [mailto:info () pcsage biz] 
Sent: Wednesday, March 22, 2006 1:08 AM
To: Matthias Güntert
Cc: security-basics () securityfocus com
Subject: Re: application for an employment

Matthias et al,

I don't know if this is an ethical practice for a security  
administrator to undertake at all,
let alone in the context of pre-employment research. I echo the  
sentiments of most
respondents in that it's not information that's relevant to your  
application for employment
nor is it representative of the ideal ethical standards by which  
you're no doubt holding
yourself.
It's important to discuss your skillset including the use of security  
tools, and
understanding of current best practices and methodologies. How you  
brought these
skills to bear on an already unfortunate situation could  
deleteriously impact your
application here. Clearly you have some insights that the University  
could benefit from
and having some prior knowledge is beneficial immediately should you  
become
employed by them, however, disclosing the information before your  
even employed by
the University could raise ethical questions that I'm sure you're not  
wanting to answer.

Sincerely,

Sean Swayze
PCSC Information Services

On 20-Mar-06, at 7:45 AM, Matthias Güntert wrote:

> Dear listmembers,
>
> i am seeking for a new job as a Unix/Linux systemadministrator. There
> has been an advertisement at a well known university. So I started to
> prepare my self for the application. While collecting some information
> about the network, using nmap, dig, etc... I was able to read the  
> whole
> namespace from the ip range (255.255.0.0)
>
> My question is should I use some of the information I have found  
> out to
> push my application forward? What do you think how a director would
> react?
>
> -- 
> Mit freundlichen Grüßen
>
>                 Matthias Güntert


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




#########################################################
THIS EMAIL MESSAGE IS FOR THE SOLE USE OF THE INTENDED
RECIPIENT(S) AND MAY CONTAIN CONFIDENTIAL AND PRIVILEGED
INFORMATION. ANY UNAUTHORIZED REVIEW, USE, DISCLOSURE OR
DISTRIBUTION IS PROHIBITED.BEFORE OPENING ANY ATTACHMENTS
PLEASE CHECK FOR VIRUSES AND DEFECTS.IF YOU ARE NOT THE
INTENDED RECIPIENT, PLEASE NOTIFY US IMMEDIATELY BY REPLY
E-MAIL AND DELETE THE ORIGINAL MESSAGE.
##########################################################