The legal / illegal line?

From: Barry Fawthrop (barry@ttienterprises.org)
Date: Thu Mar 01 2007 - 20:46:31 EST

• Next message: Mark Hinge: "Black And White Ball - Keynote Speakers Confirmed"
• Previous message: Barry Fawthrop: "Re: Good Pentesting checklist"
• Next in thread: Philosophil: "Re: The legal / illegal line?"
• Reply: Philosophil: "Re: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Reply: admin: "Re: The legal / illegal line?"
• Reply: Barry Fawthrop: "Re: The legal / illegal line?"
• Reply: David Swafford: "Re: The legal / illegal line?"
• Reply: Paul Robertson: "Re: The legal / illegal line?"
• Maybe reply: Justin Ross: "Re: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Matthew Snider: "Re: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi All

Curious to hear other views, where does the legal and illegal line stand
in doing a pen test on a third party company?
Does it start at the IP Address/Port Scanning Stage or after say once
access is gained?? very vague I know

I'm also curious to hear from other external/3rd party pen-test
consultants, how they have managed to solve the problem
Where they approach a client who is convinced they have security, and
yet there is classic signs that they don't?
You know that if you did a simple pen-test you would have the evidence
to prove your point all would be mute

But from my current point that would be illegal, even if no access was
gained. (maybe I'm wrong) ??

Perhaps this is just a problem here where I am or perhaps it exists
elsewhere also?

I look forward to your input

Barry

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Mark Hinge: "Black And White Ball - Keynote Speakers Confirmed"
• Previous message: Barry Fawthrop: "Re: Good Pentesting checklist"
• Next in thread: Philosophil: "Re: The legal / illegal line?"
• Reply: Philosophil: "Re: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Reply: admin: "Re: The legal / illegal line?"
• Reply: Barry Fawthrop: "Re: The legal / illegal line?"
• Reply: David Swafford: "Re: The legal / illegal line?"
• Reply: Paul Robertson: "Re: The legal / illegal line?"
• Maybe reply: Justin Ross: "Re: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Maybe reply: Matthew Snider: "Re: The legal / illegal line?"
• Maybe reply: Craig Wright: "RE: The legal / illegal line?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:37 EDT