Security Basics mailing list archives
Re: application for an employment
From: Christian Lerrahn <security () penpal4u net>
Date: Thu, 23 Mar 2006 11:02:37 +1100
Hi everybody,
Poking in to someone network for information gathering is illegal. Donot do it. You could gather information like post made by the company .. The manager who is hiring his or her post. which would give you a fair idea of the network layout and the intrests of the person interview ..
Why is everybody assuming that what Matthias did was illegal? At least the 2 tools he mentioned (nmap and dig) are legal to use. From what I understand, he never broke into a network but just gathered information that was somehow offered to him. Maybe this would already be illegal in the US but in Germany you can portscan or do zone transfers as long as you want. You only use public services and as long as you don't alter anything there's no boligation for you to find out if the permissions were granted accidently or intentionally. If on the other hand you used a vulnerability of a software like e.g. a buffer overflow, this would be considered illegal because it's not part of the service that is meant to be offered. Concerning the use of the info gathered, this doesn't make any difference though. Like others pointed out, the university should be happy about Matthias demonstrating his skills (without doing anything illegal!) and helping them to improve their security. However, I'd also expect them not appreciate that. Nevertheless I'd not call that whole thing unethical because Matthias actually gathered the information in preparation of the job and is just giving his best. He doesn't show any intention to abuse the knowledge he's gathered and only that would make it unethical. Cheers, Christian -- PGP Key available at http://www.penpal4u.net/keys/Christian_Lerrahn.asc . --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- application for an employment Matthias Güntert (Mar 20)
- Re: application for an employment Saqib Ali (Mar 21)
- Re: application for an employment Don Bailey (Mar 21)
- Re: application for an employment ilaiy (Mar 21)
- Re: application for an employment William Starling (Mar 21)
- Re: application for an employment PCSC Information Services (Mar 21)
- Re: application for an employment ilaiy (Mar 22)
- Re: application for an employment Christian Lerrahn (Mar 24)
- Re: application for an employment Kurt Reimer (Mar 22)
- Re: application for an employment PCSC Information Services (Mar 22)
- Re: application for an employment Don Bailey (Mar 24)
- Re: application for an employment Raoul Armfield (Mar 24)
- RE: application for an employment Michael J. Benedetto (Mar 24)
- Re: application for an employment Kurt Reimer (Mar 24)
- Re: application for an employment ilaiy (Mar 22)
- Re: application for an employment Hans Meier (John Doe) (Mar 31)
- <Possible follow-ups>
- RE: application for an employment Steveb (Mar 21)
- RE: application for an employment Al Gettier (Mar 21)
- Re: application for an employment L G (Mar 24)
(Thread continues...)
- Re: application for an employment Saqib Ali (Mar 21)