lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 27 Apr 2010 23:43:13 -0400
From: Christopher Gilbert <motoma@...il.com>
To: J Roger <securityhocus@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: redefining research: vulnerability journalism

As Chen found out, simply stating "I'm a journalist" will not save your
computer when armed men come knocking on your door to execute a search
warrant.

I'm not sure your interpretation holds up; the protections that Wired
alluded to states an exception if "there is probable cause to believe that
the person possessing such materials has committed or is committing the
criminal offense to which the materials relate..." [1]

But I'm no lawyer.

[1] http://www.law.cornell.edu/uscode/42/2000aa.html
<http://www.law.cornell.edu/uscode/42/2000aa.html>

On Tue, Apr 27, 2010 at 6:31 PM, J Roger <securityhocus@...il.com> wrote:

> Discovered a security flaw in a production system you had no authority or
> permission to audit? Afraid to disclose the information for fear of
> prosecution? Don't stress too much, you have some protection if you redefine
> yourself as a "vulnerability journalist"
>
> According to a recent Wired article on the "stolen" Apple iphone fiasco,
>
> The federal Privacy Protection Act prohibits the government from seizing
>> materials from journalists and others who possess material for the purpose
>> of communicating to the public. The government cannot seize material from
>> the journalist even if it’s investigating whether the person who possesses
>> the material committed a crime.
>>
>> Instead, investigators need to obtain a subpoena, which would allow the
>> reporter or media outlet to challenge the request and segregate information
>> that is not relevant to the investigation.
>>
> Perhaps the "journalist" title isn't even necessary thanks to the "and
> others" bit there but it also couldn't hurt, besides it sounds kind of cool
> right. Now this of course doesn't imply that you can't be prosecuted for a
> crime, just that they can only use subpoenas and not warrants. Naturally,
> being a ethical and moral vulnerability journalist you would never rm any
> incriminating evidence as part of the process to "segregate information that
> is not relevant to the investigation."
>
> Out: Narcissistic Vulnerability Pimp
> In: Vulnerability Journalist
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ