lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 5 Oct 2006 15:35:20 -0400
From: "Fetch, Brandon" <BFetch@...pac.com>
To: <Valdis.Kletnieks@...edu>,
	"J. Oquendo" <sil@...iltrated.net>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Truths in "Truth in Caller ID Act"

The biggest part of this legislation is the fact it was never officially
illegal to spoof your caller-ID information before.

Now that it's illegal, you can be charged with it and that "point of
inquiry" can then trigger any number of events to determine the depths
of your criminality (is that a word?).

Just a case of closing the loopholes that are/were used/exploited to
perform further malfeasance on unsuspecting victims.

Like Valdis noted: Capone was put away for tax evasion not violent
crime.

We're going to be seeing another similar law coming down the river soon
regarding pretexting.  Pretexting had not been defined as being illegal
as of yet but here, post-HP, it will soon be.

Thanks,
Brandon

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
Valdis.Kletnieks@...edu
Sent: Sunday, October 01, 2006 8:53 PM
To: J. Oquendo
Cc: full-disclosure
Subject: Re: [Full-disclosure] Truths in "Truth in Caller ID Act"

On Sun, 01 Oct 2006 13:41:56 CDT, "J. Oquendo" said:
> "It shall be unlawful for any person within the United States, in
connection 
> with any telecommunications service or VOIP service..."

> 1) Teleco/VoIP service is out of bounds here. 2) The User who
initiated the
> command is logged from an address somewhere over the rainbow
(Tor+Privoxy). 3)
> "within the United States" which? The person, or the telco/VoIP
provider? Does
> it have to be both - person and provider. Sounds broad to me.

No, you're intentionally reading it other than what the legal guys will
do.

The prosecutor can charge *each and every person involved* who is both

a) within the US and
b) took an identifiable action which lead to the event.

The person who made the request obviously took an action that lead to
the event, and if they're inside the US, they may have a problem.

The provider took an action (by providing the service) and if they're
inside
the US, they may want to find a lawyer that can create a good theory of
why they aren't culpable as well.

>  2) Me being the provider, I didn't initiate the spoof, I provided a
service.
> Should I be held accountable for upholding the right to privacy?

You took an action which caused the forged caller ID to be sent.  Better
hope
that the Congressman doesn't have friends over at Dept of Justice who
can
make your life miserable.

Also, please note that you're arguing the wrong right - the "right to
privacy"
would be applicable if you were trying to protect the person from a
Congressman
who was trying to prove the person slept with a political rival or
similar.
What you *wanted* to be supporting was the First Amendment right to
anonymous free speech.

> Let's take the case of someone blowing the whistle on government
corruption. 
> History has shown their life will be ruined.

Sucks to be a whistleblower.


This message is intended only for the person(s) to which it is addressed 
and may contain privileged, confidential and/or insider information. 
If you have received this communication in error, please notify us 
immediately by replying to the message and deleting it from your computer. 
Any disclosure, copying, distribution, or the taking of any action concerning
the contents of this message and any attachment(s) by anyone other 
than the named recipient(s) is strictly prohibited.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ