Penetration Testing mailing list archives
RE: Information Assessment Legality
From: "Brad Bemis" <brad.bemis () secureitexpert com>
Date: Tue, 12 Oct 2010 15:03:24 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Stephen... Both of your proposed business offerings are common service among many social media companies - my girlfriend is the head of account management for a company that offers not only integrity checking in terms of available content on a person or company, but has a service to help lower the hit rate of unfavorable information while increasing emphasis on positive information. With these points in mind, these offerings are a completely legal and legitimate option (though the moral integrity of the additional 'spin' control I mentioned may be questionable depending on the situation). - From what I've been led to understand the company may be working to spin off this division and sell it to another company - with all of its current talent and resources. I'm not really in the know on what they're doing, but if you are interested in talking to someone to learn more about their service, what they do, and how they do it, I may be able to dig up some contact information for you. Ping me off line if you'd like to know more.... Thank you for your time and attention, Brad Bemis, CISSP, CISA Information Security Professional SecureITExpert | Seattle WA =========================== PGP KeyID: 0xC89B8AA1 (.asc) brad.bemis () secureitexpert com http://www.secureitexpert.com http://twitter.com/SecureITExpert =========================== “Change is the Only Constant!” On Mon, Oct 11, 2010 at 8:35 AM, Stephen <stephen () greyhat-security com> wrote:
Hi all, we're considering offering 2 new services at Greyhat-Security, but wanted to know quite simply whether they'd be legal or not. I imagine they would be, but I'd appreciate if anyone could offer their views and experiences, or preferably, reference to the relevant laws. The services are: a) A personal information integrity check. The client pays us to conduct a review of all their personal information on the internet, where it's located, and the impact that could have on them or their business. b) A information review on a target. The client pays us and provides us with a starting point (a targets email, website, etc), and we find out as much as we can about said target using provided information, then provide the client with a report. Now, I would assume that option A is legal, as the person is requesting information on themselves, and we'd be using already publicly available information, however, I just wanted to confirm this, and whether a special license would be needed. Option B I would also assume would be legal, as services like Intelius do a similar thing (publicly available information on anyone at a cost), however, I wanted to know if there were special licenses needed, and whether we would be responsible if that information were used to commit a crime, or not? Thank you all for your input. -- Stephen CEO of Greyhat-Security.com Education, Assessments, and Community Phone (Skype): +618 8121 7403
- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org - ------------------------------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Charset: UTF-8 wsFVAwUBTLTbMB2oBrjIm4qhAQhB8g//URBLoHzPaASDfrpEURrvav5PpRTdTXO1 9t4Ygr+yAUfW6/VyEUPXAQkKDaw1+1kaOwMwo4ZFeY0hpKPgjqZnEKUJ8Z84pjEy WiZjt/HojM35OeJxfs4pZTMgwgcYy6bQcxmzpzwYsyEQ31lf/gVw79Kc/Mfab1Ne AvNM2VWyb7REAkpDXHBShR/Vt4LuEB7NB7dPLEaA4UO52Ljn7KT7SQ6RUJaKS2RZ alRffv0sTdKJU6/YM1TP+bZ8Y37vDrx04b5jAi/MkwhVoAIhvzgomALoLkrK3DVY kEfDNKkalXjySO3JTiezYvdobkEx5IZdbGtG2KQZUaGFTo8ChPase0bkOAW0UQgg D+I4tjwzsoKOAdDHGGwgY5R7YcVW7+7Qvdn7cWRjWrh2CZMOvPdkDWFFjI0xipQD rDpwf3hiRRFM8uHLE+uIBcxwKZx7ewR4JSSQpLTw3mHKIGn8WJNFWyuYKDLwPsL4 12p/fFJ+oAxku9ooqL9FuZEE4fXvVEjb3xlJrM9kdjpVmddr651qgdTEm3wKs4Ge AN76ZViERG5bDRRd0xRwbV95Xrfk965LaBbRI23VtxV9WD2d2FEi2fdA5XkIUWpP B3CDai7Mmi+ZVRG7q2XSPI6erAKQJriGSK4kClBa4Lp2qq3RVbA0YEu8n7ZYwWhi CgYLFBzbCso= =yvXy -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Information Assessment Legality Stephen (Oct 11)
- Re: Information Assessment Legality Michal Zalewski (Oct 12)
- Re: Information Assessment Legality Stephen (Oct 12)
- Re: Information Assessment Legality anthony . cicalla (Oct 12)
- Message not available
- Re: Information Assessment Legality Stephen (Oct 12)
- Re: Information Assessment Legality Michal Zalewski (Oct 12)
- Message not available
- Information Assessment Legality bala subramanian (Oct 12)
- Re: Information Assessment Legality Stephen (Oct 12)
- RE: Information Assessment Legality Brad Bemis (Oct 13)
- Information Assessment Legality bala subramanian (Oct 12)
- Re: Information Assessment Legality Joe Peters (Oct 13)
- Re: Information Assessment Legality Stephen (Oct 13)