Home page logo
/

basics logo Security Basics mailing list archives

Re: application for an employment
From: "L G" <nitziya74 () hotmail com>
Date: Wed, 22 Mar 2006 19:23:02 -0500

This is a good thread which begs further discussion.

My question is, at what point is it illegal?  Do we have correspondents on
this list better versed in the law?  Obviously, based Randal's experience,
you need to be careful in Oregon, but at what point is port scanning
illegal?  And what are the precedents?

Is dig-ing illegal?  Are not dns entries, domain names and associated ip
ranges, and net block owners all public knowledge?

I guess the crudest part of my question is, was Mathias picking a lock, or
did he see a door hanging wide open?
And at what point is someone going through an open door versus looking in a
window versus admiring someone's architecture from the street?

lg

----- Original Message ----- 
From: "Al Gettier" <agettier () tealeaf com>
To: <security-basics () securityfocus com>
Sent: Tuesday, March 21, 2006 1:57 PM
Subject: RE: application for an employment


What you did might be illegal without their permission.  Take a look at the
Randal Schwartz situation over 10 years ago:

http://www.lightlink.com/spacenka/fors/



-----Original Message-----
From: Steveb () tshore com [mailto:Steveb () tshore com]
Sent: Tuesday, March 21, 2006 7:14 AM
To: MatzeGuentert () gmx de; security-basics () securityfocus com
Subject: RE: application for an employment

Not if you want them to employ you.  It's not good practice to probe their
network without their permission.  There may be a serious lack of trust if
you reveal to them that you where doing so without going through proper
channels.

-----Original Message-----
From: Matthias Güntert [mailto:MatzeGuentert () gmx de]
Sent: Monday, March 20, 2006 7:46 AM
To: security-basics () securityfocus com
Subject: application for an employment

Dear listmembers,

i am seeking for a new job as a Unix/Linux systemadministrator. There has
been an advertisement at a well known university. So I started to prepare my
self for the application. While collecting some information about the
network, using nmap, dig, etc... I was able to read the whole namespace from
the ip range (255.255.0.0)

My question is should I use some of the information I have found out to push
my application forward? What do you think how a director would react?

--
Mit freundlichen Grüßen

                Matthias Güntert


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault