Security Basics mailing list archives

Re: application for an employment

From: "L G" <nitziya74 () hotmail com>
Date: Wed, 22 Mar 2006 19:23:02 -0500

This is a good thread which begs further discussion.

My question is, at what point is it illegal?  Do we have correspondents on
this list better versed in the law?  Obviously, based Randal's experience,
you need to be careful in Oregon, but at what point is port scanning
illegal?  And what are the precedents?

Is dig-ing illegal?  Are not dns entries, domain names and associated ip
ranges, and net block owners all public knowledge?

I guess the crudest part of my question is, was Mathias picking a lock, or
did he see a door hanging wide open?
And at what point is someone going through an open door versus looking in a
window versus admiring someone's architecture from the street?

lg

----- Original Message ----- 
From: "Al Gettier" <agettier () tealeaf com>
To: <security-basics () securityfocus com>
Sent: Tuesday, March 21, 2006 1:57 PM
Subject: RE: application for an employment


What you did might be illegal without their permission.  Take a look at the
Randal Schwartz situation over 10 years ago:

http://www.lightlink.com/spacenka/fors/



-----Original Message-----
From: Steveb () tshore com [mailto:Steveb () tshore com]
Sent: Tuesday, March 21, 2006 7:14 AM
To: MatzeGuentert () gmx de; security-basics () securityfocus com
Subject: RE: application for an employment

Not if you want them to employ you.  It's not good practice to probe their
network without their permission.  There may be a serious lack of trust if
you reveal to them that you where doing so without going through proper
channels.

-----Original Message-----
From: Matthias Güntert [mailto:MatzeGuentert () gmx de]
Sent: Monday, March 20, 2006 7:46 AM
To: security-basics () securityfocus com
Subject: application for an employment

Dear listmembers,

i am seeking for a new job as a Unix/Linux systemadministrator. There has
been an advertisement at a well known university. So I started to prepare my
self for the application. While collecting some information about the
network, using nmap, dig, etc... I was able to read the whole namespace from
the ip range (255.255.0.0)

My question is should I use some of the information I have found out to push
my application forward? What do you think how a director would react?

--
Mit freundlichen Grüßen

                Matthias Güntert


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: application for an employment, (continued)
- - - Re: application for an employment Christian Lerrahn (Mar 24)
  - Re: application for an employment Kurt Reimer (Mar 22)
    - Re: application for an employment PCSC Information Services (Mar 22)
    - Re: application for an employment Don Bailey (Mar 24)
    - Re: application for an employment Raoul Armfield (Mar 24)
    - RE: application for an employment Michael J. Benedetto (Mar 24)
  - Re: application for an employment Kurt Reimer (Mar 24)
- Re: application for an employment Hans Meier (John Doe) (Mar 31)
- RE: application for an employment Steveb (Mar 21)
- RE: application for an employment Al Gettier (Mar 21)
  - Re: application for an employment L G (Mar 24)
- RE: application for an employment Lalit Gupta (Mar 22)
- RE: application for an employment Sadler, Connie (Mar 22)
- Re: FW: application for an employment Matthias Güntert (Mar 22)
- RE: application for an employment Craddock, Larry (Mar 27)
  - RE: application for an employment Woods_Beau (Mar 27)
  - RE: application for an employment David Gillett (Mar 27)
    - RE: application for an employment Murad Talukdar (Mar 28)
- RE: application for an employment Soderland, Craig (Mar 27)
- RE: application for an employment Craig Wright (Mar 27)
  - RE: application for an employment David Gillett (Mar 27)

(Thread continues...)