lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <a0600200bbb98d336c77e@[128.220.149.122]>
Date: Thu, 25 Sep 2003 13:29:14 -0400
From: Frank Nospam <fuy1@...c.edu>
To: Justin Hahn <jeh@...fitlogic.com>
Cc: BUGTRAQ@...URITYFOCUS.COM
Subject: RE: Does VeriSign's SiteFinder service violate the ECPA?


At 10:47 AM -0400 9/25/03, Justin Hahn wrote:
>As an aside, I find it very curious that people characterize HTTP
>traffic done in the clear (i.e. unencrypted) on the public internet
>as private data. If I shout my Social Security Number out loud in

Your premise is unacceptable. By this reasoning, would you consider
 it okay for the major backbone carriers to intercept any cleartext
 sent across their lines and pass the data to marketers/Ashcroft/etc?

HTTP may not be encrypted, but it is point-to-point, not broadcast.


>I'd be careful making legal arguments, but I suspect that if Verisign is
>doing anything with this data they are justifying it as being "Public" and
>that if people are foolish enough to transmit "Private" data in a "Public" 
>medium they can't be held liable. (But of course, that's for the courts to

IANAL either, but I would consider it much closer to wiretapping.
 Verisign is NOT the intended recipient of typo traffic, but it is
 intentionally gathering that data.


-- 
JHU CTY Distance Education - Math Courses http://cty.jhu.edu/tutorials


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ