| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120117141300.0cb8084b@terabyte>
Date: Tue, 17 Jan 2012 14:13:00 -0500
From: Benjamin Kreuter <ben.kreuter@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Full-Disclosure Digest, Vol 83, Issue 21
On Tue, 17 Jan 2012 12:28:11 -0500
Valdis.Kletnieks@...edu wrote:
> Basically, you use a flaw to extract secret info from a "protected
> computer", and you aren't an authorized pen tester with a signed "get
> out of jail free" card from the owner of the computer, you just
> bought yourself a felony rap.
Looking at that law, I am not even sure that you need to use a flaw to
extract secret info. It looks like something as simple as transmitting
a message to each user that dictates what they are authorized to do is
enough to trigger the law. If I tell you that you are only allowed to
access pages on my site by clicking on links from the index.html page,
and you try entering some other URL, it looks like that would be a
felony -- IANAL though, so perhaps a lawyer can weigh in on this?
-- Ben
--
Benjamin R Kreuter
UVA Computer Science
brk7bx@...ginia.edu
--
"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists