RE: Interesting conviction

From: Jason (securitux@gmail.com)
Date: Sun Oct 09 2005 - 10:16:50 EDT


He didn't have authorization to access that web site for pen testing, so he
got charged. This is an open and shut case, IMO. Not much to argue about.
Anyone who goes beyond the scope of the contract they have with a company
for a pen test can be charged for misuse. This is why a good pen tester or
any security professional worth their salt will have a contract written out
clearly stating what will be done, and have a lawyer look at it before
getting the client to sign it.

-J

> Betcha a lot of folks will have some opinions on this one.
>
> http://news.zdnet.co.uk/internet/0,39020369,39226979,00.htm
>
> Jay
>
>
> ----------------------------------------------------------------------
> -------- Audit your website security with Acunetix Web Vulnerability
> Scanner:
>
> Hackers are concentrating their efforts on attacking applications on
> your website. Up to 75% of cyber attacks are launched on shopping
> carts, forms, login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers are futile against web application hacking. Check
> your website for vulnerabilities to SQL injection, Cross site scripting
and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------

---
----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities to SQL injection, Cross site scripting and other web attacks
before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:03 EDT