RE: The legal / illegal line?

From: Craig Wright (cwright@bdosyd.com.au)
Date: Tue Mar 27 2007 - 19:55:14 EST


Of course if you do a "free" test you have no consideration. No
consideration means that there is no contract. No contract means that
you have liability and little cover in most jurisdictions.

I.e., something goes wrong, you are up a certain creek with no paddle.

Craig

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Varun Nair
Sent: Sunday, 25 March 2007 4:15 AM
To: Philosophil
Cc: pen-test@securityfocus.com
Subject: Re: The legal / illegal line?

2 options:

1. Offer to do a free lightweight pen test for the company. They might
engage you for free and when you have something you can convince them
to hire you for a more comprehensive paid pen test.

2. Use Google and other resources to indirectly find issues with the
network/website under question and show it to them. IANAL but I do not
think this would be illegal. Maybe others can comment on this...

Regards,
Varun V Nair

On 05/03/07, Philosophil <flosofl@gmail.com> wrote:
> I'd say it's pretty straight forward:
>
> Legal = you or your company is hired and has a contract with very
> specific language detailing what is to be tested
>
> Illegal = you perform an unsolicited pen-test in order to drum up
> business. Or even to be a "good citizen"
>
> Basically, CYA and only do testing you have been hired to do. Do no
> more than that, or be willing to face potential legal nightmare.
>
> Just my 2 cents.
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:41 EDT