Security Basics mailing list archives
Re: application for an employment
From: Raoul Armfield <armfield () amnh org>
Date: Thu, 23 Mar 2006 10:59:00 -0500
Kurt Reimer wrote:
> It's a sad thing that the overwhelming majority of respondents to this question advise Matthias against informing his prospective employer of the security problems he's observed in his employer's network. As a practical matter I guess they are correct. He's more likely to be shown the door (if not actually prosecuted) than to be admired for his technical skill and initiative, should he reveal his discoveries.
>
> But the fact that this is true does not in any way make it right, and it makes me sad and angry that these attitudes and policies, born of ignorance and paranoia, are now becoming codified as standards of ethics and professionalism.
>
> > I echo the sentiments of most respondents in that it's not information that's relevant to your application for employment
>
> It is OF COURSE RELEVANT to his application for employment as a Systems Administrator. This is part of what a competent and responsible System Administrator should be concerned with, and should be technically competent to do. The fact that these conditions exist at his prospective employer makes it even more relevant.
>
> > nor is it representative of the ideal ethical standards by which you're no doubt holding yourself.
>
> Matthias' actions are just about as unethical as mine would be if I were walking by my neighbor's house at night, saw that his front door was swinging open, and called him up or knocked on his door and woke him up to tell him about it. Sure, I saw his door flapping around open just the same way a thief might have seen his door flapping around in the breeze. It is after all the same door open the same way. What a sick world it would be if, after seeing that open door, I had to worry about being accused of eavesdropping or some other such garbage to the point that I might decide to just look down at the ground and keep on walking!!
I disagree with certain aspects of this reasoning. While it is the sysadmin's responsibility to keep the systems secure, Matthias does not have the permission of the University to poke around to do a security evaluation and/or audit. While I understand your analogy to the open door, what he is suggesting is analogous to walking into the house and checking if the interior room doors are open and trying the handle on the safe. We all agree that that is unacceptable.
By your reasoning anyone would have the right to run scans of anyone else's network, but we all know that most, if not all, AUPs ban this activity.
--
Raoul Armfield
rarmfield at amnh dot org