Topic: Security Research Questions
Jamie.R
« on: October 31, 2011, 04:48:32 AM »

Hi all,

I wanted to see if someone could shed any light on this subject. How does one do security research without breaking any laws? How do you know that what you are doing may or may not be breaking your local law?


OSWP | eCPPT | HackingDojo Nidan
www.jamierougive.co.uk
cd1zz
« Reply #1 on: October 31, 2011, 08:23:09 AM »

To be safe, just make sure you're not doing things on systems or networks you don't own. Keep it all in house in labs and you'll be fine. The laws vary depending on where you live.

MaXe
I've just upgraded myself to a cyborg muahahaa!!1
« Reply #2 on: October 31, 2011, 06:35:25 PM »

If you live in the United Kingdom (UK), and a few other countries in Europe, there are actually a few more laws that apply. In some countries it is, e.g., forbidden to write viruses and trojans, even if you're just researching, and in others it is forbidden to write "hacking tools", and even have them installed! (Which is kind of a joke as telnet, preinstalled in pretty much every OS, can be used for many types of hacking, including but not limited to simple buffer overflows and web application security. The time spent using this program would of course be insane compared to using more adequate and efficient alternatives of course.) ;)

"To be safe, just make sure you're not doing things on systems or networks you don't own. Keep it all in house in labs and you'll be fine. The laws vary depending on where you live."

Exactly what I would say and recommend :)


References:
http://tech.blorge.com/Structure:%20/2008/01/03/new-uk-hacking-laws-make-hacking-tools-illegal/
http://www.theregister.co.uk/2008/01/02/hacker_toll_ban_guidance/

I'm an InterN0T'er
White ghost
Im a ghost from paradise
« Reply #3 on: November 01, 2011, 09:13:24 AM »

Same as MaXe.

You must know what you are doing!!!

MCITP CCENT
eth3real
« Reply #4 on: November 03, 2011, 06:11:44 PM »

This is a great question.

I agree with cd1zz and MaXe, never test on networks other than your own, and for your own safety, it's good to stick to virtual machines, or machines that are set up specifically for your research (you don't want to unintentionally leak any personal data).

Someone recently pointed out De-ICE images to me; they're Linux LiveCD images with particular scenarios already set up for you to test your skills. I haven't been able to give them a shot yet, but they seem promising. I know there are also websites that provide testing environments for web vulnerabilities.

Put that in your pipe and grep it!
3xban
« Reply #5 on: November 04, 2011, 09:37:09 AM »

The De-ICE images are pretty cool.  They start "easy" and become much more difficult. 

Jamie, are you looking more for finding 0 day type stuff? For instance... you are surfing say... Target's website, and you find a flaw in the site that could allow for leaking of PII or the ability to perform an SQLi or XSS exploit. You want to notify them but you do not want to be brought up on charges for breaching the site and stealing any information. You looking for something like that?

Otherwise, yes the best method is the lab environment.  If you want to research malware, the lab also applies.  Getting live samples can be a bit of a chore but there are sites out there.  I would advise putting on the invisibility cloak when hunting for them.

Certs: GCWN