Penetration Testing mailing list archives
Re: Information Assessment Legality
From: Stephen <stephen () greyhat-security com>
Date: Tue, 12 Oct 2010 18:05:49 +1030
Hi Bala, thank you - I will look up the OSSTMM and see what I can pull from it. Much appreciated On Tue, 2010-10-12 at 10:05 +0530, bala subramanian wrote:
Hi Stephen, I feel both the services that you have mentioned earlier are legal. As both of them are related to information gathering phase. There are some countries, where even the information gathering phase is DEFINED as illegal. It will be good if you stick to some standard methodology like OSSTMM or your company defined agreement signed by both the parties. Bala. On Mon, Oct 11, 2010 at 8:35 AM, Stephen <stephen () greyhat-security com> wrote:Hi all, we're considering offering 2 new services at Greyhat-Security, but wanted to know quite simply whether they'd be legal or not. I imagine they would be, but I'd appreciate if anyone could offer their views and experiences, or preferably, reference to the relevant laws. The services are: a) A personal information integrity check. The client pays us to conduct a review of all their personal information on the internet, where it's located, and the impact that could have on them or their business. b) A information review on a target. The client pays us and provides us with a starting point (a targets email, website, etc), and we find out as much as we can about said target using provided information, then provide the client with a report. Now, I would assume that option A is legal, as the person is requesting information on themselves, and we'd be using already publicly available information, however, I just wanted to confirm this, and whether a special license would be needed. Option B I would also assume would be legal, as services like Intelius do a similar thing (publicly available information on anyone at a cost), however, I wanted to know if there were special licenses needed, and whether we would be responsible if that information were used to commit a crime, or not? Thank you all for your input. -- Stephen CEO of Greyhat-Security.com Education, Assessments, and Community Phone (Skype): +618 8121 7403
-- Stephen CEO of Greyhat-Security.com Education, Assessments, and Community Phone (Skype): +618 8121 7403
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Information Assessment Legality Stephen (Oct 11)
- Re: Information Assessment Legality Michal Zalewski (Oct 12)
- Re: Information Assessment Legality Stephen (Oct 12)
- Re: Information Assessment Legality anthony . cicalla (Oct 12)
- Message not available
- Re: Information Assessment Legality Stephen (Oct 12)
- Re: Information Assessment Legality Michal Zalewski (Oct 12)
- Message not available
- Information Assessment Legality bala subramanian (Oct 12)
- Re: Information Assessment Legality Stephen (Oct 12)
- RE: Information Assessment Legality Brad Bemis (Oct 13)
- Information Assessment Legality bala subramanian (Oct 12)
- Re: Information Assessment Legality Joe Peters (Oct 13)
- Re: Information Assessment Legality Stephen (Oct 13)