Penetration Testing mailing list archives
Information Assessment Legality
From: bala subramanian <balasurfs () gmail com>
Date: Tue, 12 Oct 2010 10:05:41 +0530
Hi Stephen, I feel both the services that you have mentioned earlier are legal. As both of them are related to information gathering phase. There are some countries, where even the information gathering phase is DEFINED as illegal. It will be good if you stick to some standard methodology like OSSTMM or your company defined agreement signed by both the parties. Bala. On Mon, Oct 11, 2010 at 8:35 AM, Stephen <stephen () greyhat-security com> wrote:
Hi all, we're considering offering 2 new services at Greyhat-Security, but wanted to know quite simply whether they'd be legal or not. I imagine they would be, but I'd appreciate if anyone could offer their views and experiences, or preferably, reference to the relevant laws. The services are: a) A personal information integrity check. The client pays us to conduct a review of all their personal information on the internet, where it's located, and the impact that could have on them or their business. b) A information review on a target. The client pays us and provides us with a starting point (a targets email, website, etc), and we find out as much as we can about said target using provided information, then provide the client with a report. Now, I would assume that option A is legal, as the person is requesting information on themselves, and we'd be using already publicly available information, however, I just wanted to confirm this, and whether a special license would be needed. Option B I would also assume would be legal, as services like Intelius do a similar thing (publicly available information on anyone at a cost), however, I wanted to know if there were special licenses needed, and whether we would be responsible if that information were used to commit a crime, or not? Thank you all for your input. -- Stephen CEO of Greyhat-Security.com Education, Assessments, and Community Phone (Skype): +618 8121 7403
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Information Assessment Legality Stephen (Oct 11)
- Re: Information Assessment Legality Michal Zalewski (Oct 12)
- Re: Information Assessment Legality Stephen (Oct 12)
- Re: Information Assessment Legality anthony . cicalla (Oct 12)
- Message not available
- Re: Information Assessment Legality Stephen (Oct 12)
- Re: Information Assessment Legality Michal Zalewski (Oct 12)
- Message not available
- Information Assessment Legality bala subramanian (Oct 12)
- Re: Information Assessment Legality Stephen (Oct 12)
- RE: Information Assessment Legality Brad Bemis (Oct 13)
- Information Assessment Legality bala subramanian (Oct 12)
- Re: Information Assessment Legality Joe Peters (Oct 13)
- Re: Information Assessment Legality Stephen (Oct 13)