| To: | pen-test@securityfocus.com |
|---|---|
| Subject: | Re: The legal / illegal line? |
| From: | Dotzero <dotzero@gmail.com> |
| Date: | Mon, 5 Mar 2007 14:51:51 -0500 |

The original question from Barry was about legal vs illegal. There is only one (IMHO) answer to that question. It depends on jurisdiction. The laws that apply in one jurisdiction may not apply in another.

I'm also concerned about Barry asking about when others "approach a client" to tell them about their insecurities following a "simple pen-test". They are NOT your client unless they have engaged you. They are a potential client. They have no relationship with you and you have not been authorized by them to do anything on their behalf. Even if you haven't done anything illegal, most companies I'm familiar with would be unlikely to hire you or your company under such circumstances. The actions you describe are indicative of a failure to recognize appropriate boundaries.

A more reasonable approach (and one more likely to attract business) would be to have your sales people pitch a free security assessment. Have a standard agreement authorizing a standard but limited set of activities that you can then use to show a potential client how they might benefit from your services.

As usual, just my 2 cents.

dotzero