Open Source and information security mailing list archives
 
Date: Thu, 24 Jul 2008 12:56:24 -0400
From: Valdis.Kletnieks@...edu
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Comments on: DNS exploit code is in the wild

On Thu, 24 Jul 2008 16:17:08 BST, n3td3v said:

> This whole HD Moore savior of info sec thing has gone on long enough,
> it's time to see him for what he is and get him slammed up in jail
> along with his counterpart |)ruid.

I'll point out that you happen to live in the country that invented the
concept of "habeas corpus".  In other words, you can't slam him in jail
unless you actually *charge* him with something.

Please tell us which countr(y|ies) you intend to have him charged, and what
offense.  Specific references to statutes would be appreciated (for starters,
I'll help you out and point out that in the US, he probably could *not* be
charged under 17 USC 1201 (the DMCA anti-circumvention clause), nor under 18
USC 1030 (the primary federal anti-hacking statute), unless you have actual
evidence that HD personally hacked into a computer covered by 18 USC 1030. You
run into a similar issue with 18 USC 2701 (access to stored communication).)

You *might* be able to make a case under 18 USC 2512 (dealing in devices for
intercepting communications), except that there's the nasty clause "knowing or
having reason to know that the design of such device renders it primarily
useful for the purpose of the surreptitious interception of wire, oral, or
electronic communications;" - and you'd fail on the "primarily" because there's
lots of *other* uses for Metasploit.

He *is* probably in violation of 36 USC 117, 7 USC 411b, and 26 USC 7523(a)(1),
however.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
