alt Hacker News> I mean was it really unauthorized access (they called it “hacking” of course) if his user account literally had permission to map network drives?
My expectation is that laws probably specify that gaining access that you know you’re not supposed to be able to get is probably illegal, but I get your point.
Reminds me, however, of the pen-testers that got hired to infiltrate a court system and got harassed by a prosecutor despite having explicit approval to conduct an audit.
https://darknetdiaries.com/episode/59/
Our judicial system is ludicrous.
Replies
If someone didn't question, or otherwise call out, the pentesters activity, that would have been a blemish against the security training of the org being pentested. This is why pentesters need a way to immediately escalate to the hiring party, to satisfy legit concerns over access and ensure those claiming to be pentesters legitimately are.
The Florida Computer Crimes Act was passed in 1978 so as you can imagine it’s very draconian. I’m pretty sure it was a misdemeanor for 16-year-old me to boot Linux from a live USB as a means to get around the IE-only web filter the school district used.