| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Jan 2013 06:37:30 -0500 From: Jeffrey Walton <noloader@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: how to sell and get a fair price On Wed, Jan 16, 2013 at 5:19 AM, <gremlin@...mlin.ru> wrote: > On 15-Jan-2013 06:28:53 -0500, Jeffrey Walton wrote: > > ... > > > Is it really necessary to stay anonymous? Writing hmmm... articles > > > about vulnerabilities for some (very specific) media and getting a > > > hmmm... fee for that is mostly legal. > > > Opposed to the use of that information... > > I think its a slippery slope in the US. > > I'm happy to reside outside of the US... > > > On one hand, you have, for example, Computer Fraud and Abuse Act > > (FCAA), Digital Millennium Copyright Act (DMCA), and Unlawful > > Intercept. US corporations are rarely prosecuted under the law > > [...] but individuals are regularly prosecuted > > That means, all these activities should not be performed in the US > (and other countries with similar Draconian laws)... Its not so much Draconian laws as it is greedy politicians who take bribes from corporate america to grow their wealth, and then spend the rest of their careers performing fellatio on industry and their special interests (just an observation :). > In general, this problem may be solved using the international division > of labour, when people do only what is legal in their country. Example: > reverse engineering is legal in Russia (unless it is used to create the > competing product), so I can perform it and share the results. Someone > else may then find suspicious code, other people may prove that code is > vulnerable by writing an exploit... In this case, everyone performs in > legal manner - except, obviously, the script kiddies who will use the > ready tool to break something. Its legal in the US, too. Dr. Jon Callas (one of PGP's co-founders) was fortunate (persistent?) enough to have the provisions added to DMCA (PUBLIC LAW 105–304). It has exceptions for reverse engineering and security testing and evaluation. The RE exemption is in Section 1205 (f) REVERSE ENGINEERING. The ST&E exemption is in Section 1205 (i) SECURITY TESTING. Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists