Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] examining exchange mail

From: Andrew Thomas <blink () EYE2EYE NET>
Date: Thu, 7 Dec 2000 13:08:03 +0200
Hi,

Comments inline..


-----Original Message-----
From: Robert van der Meulen [mailto:rvdm () CISTRON NL]
Sent: Wednesday, December 06, 2000 8:07 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: examining exchange mail


... stuff deleted ...


What this has to do with pen-testing, i don't get ;) Also keep in mind that
reading any users' email (unless it's your own) can offer a nice legal
problem, even in a pen-test scope (not mentioning ethics).


Not specifically with pen-testing, but to do with employee investigation. As
far as the legal aspects go, those can be dealt with in an employee
contract, with a specific clause whereby the employee reliquishes his right
to privacy for *company* email. The AUP also states that the use of a
company email account for personal email is forbidden.

I'm not (fortunately) the one who has to worry about the legalese involved
here, so take the above from whence it comes. If anyone else has comments on
the above, feel free to email either off the list.

Take care,
  Andrew
Previous By Date Next
Previous By Thread Next

Current thread: