Home page logo

basics logo Security Basics mailing list archives

Re: application for an employment
From: Christian Lerrahn <security () penpal4u net>
Date: Thu, 23 Mar 2006 11:02:37 +1100

Hi everybody,
Poking in to someone network for information gathering is illegal.

Donot do it.

You could gather information like post made by the company .. The
manager who is hiring his or her post. which would give you a fair
idea of the network layout and the intrests of the person interview ..

Why is everybody assuming that what Matthias did was illegal? At least
the 2 tools he mentioned (nmap and dig) are legal to use. From what I
understand, he never broke into a network but just gathered information
that was somehow offered to him. Maybe this would already be illegal in
the US but in Germany you can portscan or do zone transfers as long as
you want. You only use public services and as long as you don't alter
anything there's no boligation for you to find out if the permissions
were granted accidently or intentionally. If on the other hand you used a
vulnerability of a software like e.g. a buffer overflow, this would be
considered illegal because it's not part of the service that is meant to
be offered.
Concerning the use of the info gathered, this doesn't make any
difference though. Like others pointed out, the university should be
happy about Matthias demonstrating his skills (without doing anything
illegal!) and helping them to improve their security. However, I'd also
expect them not appreciate that. Nevertheless I'd not call that whole
thing unethical because Matthias actually gathered the information in
preparation of the job and is just giving his best. He doesn't show any
intention to abuse the knowledge he's gathered and only that would make
it unethical.


PGP Key available at http://www.penpal4u.net/keys/Christian_Lerrahn.asc . 

The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]