Penetration Testing mailing list archives
Re: Interesting conviction
From: Mike Messick <mike () digitalsecurus com>
Date: Fri, 7 Oct 2005 16:28:24 -0800 (AKDT)
You're quite right! ;-) Here's mine: I think the article's editorial comments about causing problems for security professional and penetration testing are pure crap. True professionals don't access systems in unauthorized fashion. They obtain contractual authorization from the owners of those systems first, and then conduct legal penetration tests. Most laws are written with intent in mind. That Mr. Cutbert didn't intend to do anything bad once he got in is really immaterial - that he *intended to gain entry in an unauthorized fashion* is what constituted the violation and his subsequent conviction. Just because you don't steal the TV after you crowbar the front door open doesn't mean you won't go to prison for unlawful entry. Or not get shot by the owner (in some states). The fact that you don't have permission to be there in the first place is what matters (at least under current law). Disclaimer: I'm also not a lawyer, so my opinions will not be backed up with any more substance than what's written here. I'm only voicing my opinion based upon my experience in this field, and upon what my legal counsel has told me. Mike Messick Chief Technology Officer Digital Securus http://www.digitalsecurus.com On Fri, 7 Oct 2005, jay.tomas () infosecguru com wrote:
Betcha a lot of folks will have some opinions on this one. http://news.zdnet.co.uk/internet/0,39020369,39226979,00.htm Jay
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Interesting conviction jay.tomas () infosecguru com (Oct 07)
- Re: Interesting conviction Mike Messick (Oct 08)
- Re: Interesting conviction Rogan Dawes (Oct 09)
- Re: Interesting conviction Stu Thomas (Oct 09)
- Re: Interesting conviction Stu Thomas (Oct 09)
- Re: Interesting conviction David Dischler (Oct 09)
- Re: Interesting conviction Rogan Dawes (Oct 09)
- <Possible follow-ups>
- Re: Interesting conviction b . hines (Oct 08)
- Re: Interesting conviction b . hines (Oct 08)
- RE: Interesting conviction Jason (Oct 09)
- RE: Interesting conviction Craig Wright (Oct 09)
- RE: Interesting conviction Craig Wright (Oct 10)
- Re: Interesting conviction Mike Messick (Oct 08)