Re: pen-test contract

From: Jay D. Dyson (jdysonat_private)
Date: Tue Aug 07 2001 - 16:33:00 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    
    On Mon, 6 Aug 2001 tarekat_private wrote: 
    
    > I have been hired by a very big company owned by a very influential
    > political figure in my country to do some penetration testing from
    > outside their network.
    <snip>
    > What clauses should the contract comprise so I wouldn't be vulnerable to
    > prosecution in the case that I employ normal penetration "e-"methods?
    
    	Simple.  Get a letter of authorization from your customer on their
    letterhead with the necessary wet ink signature(s) from the cognizant
    party (or parties) who can authorize you to do the tests.  This is known
    as a "get out of jail free" letter.  Take the letter and pass it by your
    company's lawyers.  If everything looks good, then proceed.
    
    	If you can't get your customer to sign off on the terms of the
    job, make it clear that you can't do the test.  Period.  There's no reason
    for you to put your hide on the line if they aren't even willing to back
    you up if push comes to shove.
    
    - -Jay
    
      (    (                                                         _______
      ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) |    = |-'
     `--' `--'  `-Speak softly and carry a thermonuclear warhead.-'  `------'
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    Comment: See http://www.treachery.net/~jdyson/ for current keys.
    
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:33:51 PDT