This is a good thread which begs further discussion.
My question is, at what point is it illegal? Do we have correspondents on
this list better versed in the law? Obviously, based Randal's experience,
you need to be careful in Oregon, but at what point is port scanning
illegal? And what are the precedents?
Is dig-ing illegal? Are not dns entries, domain names and associated ip
ranges, and net block owners all public knowledge?
I guess the crudest part of my question is, was Mathias picking a lock, or
did he see a door hanging wide open?
And at what point is someone going through an open door versus looking in a
window versus admiring someone's architecture from the street?
lg
----- Original Message -----
From: "Al Gettier" <agettier@tealeaf.com>
To: <security-basics@securityfocus.com>
Sent: Tuesday, March 21, 2006 1:57 PM
Subject: RE: application for an employment
What you did might be illegal without their permission. Take a look at the
Randal Schwartz situation over 10 years ago:
http://www.lightlink.com/spacenka/fors/
-----Original Message-----
From: Steveb@tshore.com [mailto:Steveb@tshore.com]
Sent: Tuesday, March 21, 2006 7:14 AM
To: MatzeGuentert@gmx.de; security-basics@securityfocus.com
Subject: RE: application for an employment
Not if you want them to employ you. It's not good practice to probe their
network without their permission. There may be a serious lack of trust if
you reveal to them that you where doing so without going through proper
channels.
-----Original Message-----
From: Matthias Güntert [mailto:MatzeGuentert@gmx.de]
Sent: Monday, March 20, 2006 7:46 AM
To: security-basics@securityfocus.com
Subject: application for an employment
Dear listmembers,
i am seeking for a new job as a Unix/Linux systemadministrator. There has
been an advertisement at a well known university. So I started to prepare my
self for the application. While collecting some information about the
network, using nmap, dig, etc... I was able to read the whole namespace from
the ip range (255.255.0.0)
My question is should I use some of the information I have found out to push
my application forward? What do you think how a director would react?
--
Mit freundlichen Grüßen
Matthias Güntert
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
