Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: application for an employment

from [Christian Lerrahn] Network Security [Permanent Link]
Subject: Re: application for an employment
Date: Thu, 23 Mar 2006 11:02:37 +1100 
Hi everybody,

Poking in to someone network for information gathering is illegal.

Donot do it.

You could gather information like post made by the company .. The
manager who is hiring his or her post. which would give you a fair
idea of the network layout and the intrests of the person interview ..


Why is everybody assuming that what Matthias did was illegal? At least
the 2 tools he mentioned (nmap and dig) are legal to use. From what I
understand, he never broke into a network but just gathered information
that was somehow offered to him. Maybe this would already be illegal in
the US but in Germany you can portscan or do zone transfers as long as
you want. You only use public services and as long as you don't alter
anything there's no boligation for you to find out if the permissions
were granted accidently or intentionally. If on the other hand you used a
vulnerability of a software like e.g. a buffer overflow, this would be
considered illegal because it's not part of the service that is meant to
be offered.
Concerning the use of the info gathered, this doesn't make any
difference though. Like others pointed out, the university should be
happy about Matthias demonstrating his skills (without doing anything
illegal!) and helping them to improve their security. However, I'd also
expect them not appreciate that. Nevertheless I'd not call that whole
thing unethical because Matthias actually gathered the information in
preparation of the job and is just giving his best. He doesn't show any
intention to abuse the knowledge he's gathered and only that would make
it unethical.

Cheers,
Christian

-- 
PGP Key available at http://www.penpal4u.net/keys/Christian_Lerrahn.asc . 

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Signing before Encryption and Signing after Encryption, David Gillett
Next by Date:  Apache Security Question, Jennifer Fountain
Previous by Thread:  Re: application for an employment, ilaiy
Next by Thread:  Re: application for an employment, Kurt Reimer
Indexes:  [Date] [Thread] [Top] [All Lists]