lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5458.1317776729@turing-police.cc.vt.edu>
Date: Tue, 04 Oct 2011 21:05:29 -0400
From: Valdis.Kletnieks@...edu
To: noloader@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: VPN providers and any providers in general...

On Tue, 04 Oct 2011 03:15:02 EDT, Jeffrey Walton said:
> On Tue, Oct 4, 2011 at 3:06 AM, Ferenc Kovacs <tyra3l@...il.com> wrote:

> > As I mentioned before it is hard to expect that a VPN provider will
> > risk his company for your $11.52/month, and maybe they would try it
> > for some lesser case, but what Lulsec did was grant, so I'm not
> > surprised that they bent.
> 
> "Alleged"

Yes. So?  In most jurisdictions, "alledged" and "probable cause" is sufficient
to get a court to sign off on a subpoena and/or warrants.

"Dear Judge:  On Aug 23, a hacker using the handle "JustFellOutOfTree" did
violate Section N, Clause X.Y of the criminal code by hacking into
BigStore.com.  The connection was traced back to the provider VPNs-R-Us.  We
would like a court order requesting VPNs-R-Us to provide any and all
information they may have regarding this user".

That will usually do it (after bulked up to about 3 pages with legalese and
dotting the t's and crossing the i's).

The next morning, the manager at VPNs-R-Us gets to his office, and finds
two guys with guns and a signed piece of paper.  At which point one of two
things will happen:

1) the guy rolls and gives up all the info.
2) the guy calls his lawyer and makes sure that he gives up all the required info,
and not one byte more.

(Option 3 - the guy heads downtown on a contempt of court charge - happens so
rarely that it's basically a hypothetical).


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ