.

Security Research Questions

<<

millwalll

Post Mon Oct 31, 2011 4:48 am

Security Research Questions

Hi all,

I wanted to see if someone could shed any light on this subject. How does one do security research without breaking any laws. How do you know that what you are doing may or may not be breaking your local law.
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Oct 31, 2011 8:23 am

Re: Security Research Questions

To be safe, just make sure you're not doing things on systems or networks you don't own. Keep it all in house in labs and you'll be fine. The laws vary depending on where you live.
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Mon Oct 31, 2011 6:35 pm

Re: Security Research Questions

If you live in the United Kingdom (UK), and a few other countries in Europe, there's actually a few more laws that applies. In some countries it is e.g., forbidden to write viruses and trojans, even if you're just researching, and in others it is forbidden to write "hacking tools", and even have them installed! (Which is kind of a joke as telnet preinstalled in pretty much every OS, can be used for many types of hacking, including but not limited to simple buffer overflows and web application security. The time spent using this program would of course be insane compared to using more adequate and efficient alternatives of course.)  ;)

cd1zz wrote:To be safe, just make sure you're not doing things on systems or networks you don't own. Keep it all in house in labs and you'll be fine. The laws vary depending on where you live.


Exactly what I would say and recommend  :)


References:
http://tech.blorge.com/Structure:%20/20 ... s-illegal/
http://www.theregister.co.uk/2008/01/02 ... _guidance/
I'm an InterN0T'er
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Tue Nov 01, 2011 9:13 am

Re: Security Research Questions

same as MaXe

you must know what are you doing!!!!!!!!!!!!!!!!!!!!!!!!!
MCITP CCENT
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Thu Nov 03, 2011 6:11 pm

Re: Security Research Questions

This is a great question.

I agree with cd1zz and MaXe, never test on networks other than your own, and for your own safety, it's good to stick to virtual machines, or machines that are setup specifically for your research (you don't want to unintentionally leak any personal data).

Some recently pointed out De-ICE images to me, they're Linux LiveCD images with particular scenarios already setup for you to test your skills. I haven't been able to give them a shot, yet, but they seem promising. I know there are also websites that provide testing environments for web vulnerabilities.
Put that in your pipe and grep it!
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Fri Nov 04, 2011 9:37 am

Re: Security Research Questions

The De-ICE images are pretty cool.  They start "easy" and become much more difficult. 

Jamie are you looking more for finding 0 day type stuff?  For instance... you are surfing say... Target's website, and you find a flaw in the site that could allow for leaking of PII or the ability to perform an SQLi or XSS exploit.  You want to notify them but you do not want to be brought up on charges for breaching the site and stealing any information.  You looking for something like that? 

Otherwise, yes the best method is the lab environment.  If you want to research malware, the lab also applies.  Getting live samples can be a bit of a chore but there are sites out there.  I would advise putting on the invisibility cloak when hunting for them.
Certs: GCWN
(@)Dewser

Return to Other

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software