Hello everyone,
Getting into a debate with a buddy and I thought it might be some good questions to bring to this forum.
First question. Is it legal to send people links to websites or programs (malware) which take advantage of vulnerabilities if you are honest about what the link or program does?For example; I send out an email to some one with a message that says, "This email link attachment contains a virus, feel free to open it if you want." And if in fact the email attachment did contain a malicious script or something, would that be illegal?
Second question. Is it legal to send phishing emails that actually do nothing malicious. for example; the CEO of a large company sets up a email account external to the company systems and sends every one in his company an email claiming they have won a billion dollars in the Nigerian lottery. If a employee clicks on the link from their company email account it goes to a website informing them they have just been fired. Would that be illegal?
I feel the first question is no, it is not illegal so long as the malicious program does not do anything harmful, and does not spread beyond the original receivers system. But there is probable a lot of grey area in there.
I feel the second question is also no, it is not illegal so long as the company has very detailed company polices in place with explicit content informing employees they could be terminated for violations such as the one described, and all employees have signed a document claiming they understand said polices. But again, there is a lot of grey area.
What do you ..
Support the originator by clicking the read the rest link below.
