Penetration Testing mailing list archives

RE: The legal / illegal line?
From: "Craig Wright" <cwright () bdosyd com au>
Date: Tue, 6 Mar 2007 05:49:35 +1100


Hello,

In response, first you have confused criminal and illegal, a common error.



In response to the analogy, you have committed a trespass when you push the door as well. The implied license to go to 
the door for a valid purpose is negated the instant that you exceed that license by pushing on the door to see if it is 
open. It is not a general implied condition that you can test to see if doors are open. This is thus a tort - i.e. 
illegal.



Likewise, scanning without authorisation is illegal. The question of whether it is criminal will vary according to 
jurisdiction. Either way it is illegal. Being able to take action is a different matter again.



Regards,

Craig


________________________________

From: listbounce () securityfocus com on behalf of admin
Sent: Mon 5/03/2007 10:05 PM
To: Barry Fawthrop
Cc: pen-test () securityfocus com
Subject: Re: The legal / illegal line?



Barry Fawthrop wrote:
> Hi All
>
> Curious to hear other views, where does the legal and illegal line stand
> in doing a pen test on a third party company?
> Does it start at the IP Address/Port Scanning Stage or after say once
> access is gained?? very vague I know

Hi Barry,

I am new to IT security and new to this list. I could be wrong here but,
as far as I am aware scanning for open ports is not illegal. It is akin
to walking down a residential street knocking on doors or pushing them
to see if they are open. As soon as you enter a system through an open
port, just as in the residential street metaphor, you are then
committing trespass.

The only legal option and this is dependent on the laws of the country
in which the target system is located would be to scan for open ports
and potential exploits, yet make no attempt to enter the system or
leverage those exploits to gain access.

Produce a report for the company explaining how you could take control
of or pull information from their systems using the results of your
legal scan.

Any IT manager/leader/security bod should take your report seriously if
he is worth his/her salt.

Regards
Dave
