Home page logo

pen-test logo Penetration Testing mailing list archives

Re: what to do it illegal activity found during pen-test
From: Dotzero <dotzero () gmail com>
Date: Wed, 12 Jul 2006 06:15:40 -0400

Just to comment on people equating "good samaritan laws" to reporting
porn. Bad analogy...very bad analogy.

Consider (at least in many/most U.S. states) what the good samaritan
law does. It does NOT protect the average person if they attempt to
provide assistance. It only protects individuals with training that
act within the scope of their training and professional expertise. So
a doctor or nurse is clearly protected when providing assistance
except in cases of gross negligence or malfeasance, etc.

In the case of an individual with limited training, it only protects
the individual rendering assistance within very defined circumstances.
So (and I do have first aid and aed/cpr certifications) there are a
few conditions:

1) if the person is conscious they have the right to refuse
assistance. If you attempt to provide assistance after they refuse it
you are not protected. The exception to this is if they are not
conscious, in which case most states have implied consent.

2) If the individual does not follow the procedures in the training or
goes beyond the scope of the training they are generally not protected
by good samaritan laws.

In the case of an individual with no training/certification, they are
generally not protected under good samaritan laws if they attempt to
render assistance.

The purpose of good samaritan laws is to give an incentive to trained
individuals to render assistance in the case of an accident or
emergency. That is a very limited and defined scope.

Moving on to reporting alleged kiddie porn in the course of a
professional engagement. You have no protection whatsoever under the
concept of good samaritan laws. If you commit a tort by misreporting
you are subject to civil action and your liability is your liability
(to whatever extent that is).

How many people on this list are willing to claim expertise in kiddie
porn that should/would match the analogy of good samaritan law

It's interesting that most people are focusing only on kiddie porn
when there are so many other types of activities one is likely to come
across during a pen-test or audit.

This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]