Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: [Security Weekly] [GPWN-list] Pen Testing and the Canadian anti-spam law
From: Ty Purcell <TPurcell () ffin com>
Date: Tue, 1 Jul 2014 16:03:19 +0000

Jamil,

Is there the possibility of properly crafting the Statement of Work and Rules of Engagement to comply with the law 
while also meeting your pentest operational needs?

Ty





________________________________
From: gpwn-list on behalf of Jamil Ben Alluch
Sent: Tuesday, July 01, 2014 10:36:16 AM
To: advisory-board-open () lists sans org; gpwn-list () lists sans org; Security Weekly Mailing List
Subject: [GPWN-list] Pen Testing and the Canadian anti-spam law

Hello,

I wanted to get some points of view in regards to the newly implemented anti-spam law that entered into effect today in 
Canada.

There are cases where during pen-testing projects, we are in a way required to send emails in order to test out 
phishing attempts, malware downloads etc.

These would have to be crafted in a way that is appealing to the targeted end-user and often will have some kind of 
appealing sales connotation or fake business application.

Now according to the CASL<http://fightspam.gc.ca/>, this would entitle senders to up to CA$1,000,000 in fines, if you 
are an individual, and $10,000,000 in fines if you are a business.

Obviously in our line of work, in order to perform our duties as pen-testers, this could turn out to be a problem and 
remove the possibility of trying out sets of attack vectors relying on emails.

I'd like to get some opinions on this matter.

Best Regards,

--
Jamil Ben Alluch, ing. jr, GCIH
[Autronix]<http://www.autronix.com>
Information Technology & Security Consulting
jamil () autronix com<mailto:jamil () autronix com>
+1-819-923-3012
+1-877-564-7656 e.123
[https://mailfoogae.appspot.com/t?sender=aamFtaWxAYXV0cm9uaXguY29t&type=zerocontent&guid=33a4bfec-4e30-4dea-a30b-b6f0fbaa8859]ᐧ
_______________________________________________
securityweekly mailing list
securityweekly () mail securityweekly com
http://mail.securityweekly.com/cgi-bin/mailman/listinfo/securityweekly
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]