lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu Dec 29 21:35:21 2005
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: complaints about the governemnt spying!

Leif Ericksen wrote:

>It comes back to ignorance of the law is no excuse.
>
>  
>
Ahh, but there's a BIG difference between willful or unwillful ignorance 
and intentional ignorance.

It's one thing to not know a law that you should know; it's a completely 
different thing to be blocked from knowing the law and expected to 
respect it.

For instance, in securing networks, corporate security personnel in the 
United States should be familiar with Sarbanes-Oxley and the like, at 
least in passing.  Compliance is expected because compliance can be 
tested.  Not being aware of the requirements of Sarbanes-Oxley is not an 
excuse because the law is readily available and transparent.  However, 
if the government passed Sarbanes-Oxley and then turned around and said 
"But for security reasons, the requirements are classified and even the 
judges can't see them without clearance..." that would be different.

How can you guarantee compliance with a behavior when you don't have 
access to the standard?

This is no different than any other standard of behavior.  If people are 
not allowed to know the laws, they have no way to verify their 
complicity with them.   I respectfully submit that the situations are 
different in their entirety and that in the case of a classified law, 
ignorance is intentionally created as a function of the creation of the law.

Such things cannot simply be written off.

                  -bkfsec


Powered by blists - more mailing lists