[Courses] [Security] Nmap -- looking from the outside in

Raven, corporate courtesan raven at oneeyedcrow.net
Mon Mar 11 17:31:45 EST 2002


Heya --

Quoth Jp Calderone (Mon, Mar 11, 2002 at 03:47:47PM -0500):
> I think it's worth noting that under the P.A.T.R.I.O.T. Act that
> "heavy sentence" is basically "life in prison" (Lots of stuff I'd like
> to tack on here but I guess this isn't really an appropriate forum for
> political debate).  So if you plan to do _anything_ it's probably a
> good idea to get permission for a lot of people in important places in
> the organization you'll be doing it to; I'd go as far as to get
> written permission myself.

	Yeah.  If you're planning on doing anything like this in a
professional capacity, it's usually called "vulnerability assessment and
penetration testing".  If someone called me and wanted to hire me as a
security consultant, I'd want a signed letter from a Vice-President or
higher giving explicit permission before having a go at it.  You want to
make sure that the person signing off on it is authorized within their
company to do so, because you'll be the one in hot water if they're not.

	If you're doing this for your own computer, of course you don't
need that.  And if you're not a US resident, it would be worth your time
checking into the laws about hacking in your country.  China, for
example, is very restrictive.  I believe Holland is pretty much
"anything goes".  But if you're thinking of using these skills
professionally, please make sure you cover your bases and check both
your local laws and the laws for where the server you're looking at is
located first.

	Stupid law.  (And that's my editorial comment on the matter.)

Cheers,
Raven
 
"Sed, sed, awk.  Like duck, duck, goose.  Sync, sync, halt.  It's the
 order of nature."
  -- me, after too long a day at work



More information about the Courses mailing list