lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri Dec 30 04:25:31 2005
From: leife at dls.net (Leif Ericksen)
Subject: complaints about the governemnt spying!

to sum it all up...
1 giant catch 22.
You are damned if you do and you are damned if you do not.


--l

On Thu, 2005-12-29 at 16:35 -0500, bkfsec wrote:
> Leif Ericksen wrote:
> 
> >It comes back to ignorance of the law is no excuse.
> >
> >  
> >
> Ahh, but there's a BIG difference between willful or unwillful ignorance 
> and intentional ignorance.
> 
> It's one thing to not know a law that you should know; it's a completely 
> different thing to be blocked from knowing the law and expected to 
> respect it.
> 
> For instance, in securing networks, corporate security personnel in the 
> United States should be familiar with Sarbanes-Oxley and the like, at 
> least in passing.  Compliance is expected because compliance can be 
> tested.  Not being aware of the requirements of Sarbanes-Oxley is not an 
> excuse because the law is readily available and transparent.  However, 
> if the government passed Sarbanes-Oxley and then turned around and said 
> "But for security reasons, the requirements are classified and even the 
> judges can't see them without clearance..." that would be different.
> 
> How can you guarantee compliance with a behavior when you don't have 
> access to the standard?
> 
> This is no different than any other standard of behavior.  If people are 
> not allowed to know the laws, they have no way to verify their 
> complicity with them.   I respectfully submit that the situations are 
> different in their entirety and that in the case of a classified law, 
> ignorance is intentionally created as a function of the creation of the law.
> 
> Such things cannot simply be written off.
> 
>                   -bkfsec
> 
> 
-- 
Leif Ericksen <leife@....net>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ