lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAKG5KgxJVT-RELrVky1y1oEpig8nJ8-3aoD5MRoMimwoJ6jBTQ@mail.gmail.com>
Date: Thu, 31 Jul 2014 17:54:26 -0500
From: Trey Ford <trey@...onnaille.com>
To: fulldisclosure@...lists.org
Subject: [FD] Legal Threats and Investigation

Hey FD-List,

I’m writing with a slightly unorthodox request. I’m looking for security
researchers that have had a brush with the CFAA (Computer Fraud and Abuse
Act). I’m confident that many of you have faced legal threats at some point
or another in your work and play – and I’d like to hear about it.

More specifically, threats made under CFAA and other hacking related laws
can carry civil or criminal terms. (
http://litigation.findlaw.com/filing-a-lawsuit/civil-cases-vs-criminal-cases-key-differences.html)
In my time at Black Hat I heard more about civil threats than criminal –
and now I’m interested in learning more about people that have faced
prosecution or investigation on the criminal side.

What is obvious to our community is that legal threats of almost any kind
force us to ask the question, “Is this work really worth doing?” I don’t
know too many of my industry friends that I think would fare well in the
clink.

It is experiences like this that highlight the lack of understanding around
the work we do as an industry, and the value of security research. It also
brings focus to a lack of consistency and transparency in what people
consider “bona fide” research.  I am confident that learning more about
examples that were considered worth investigating will help us challenge
assumptions and highlight the value of those research efforts.

If you have a story, we want to hear it… and if you would prefer to stay
anonymous, that’s completely fine.

Please – respond to me directly via email.

Warmly,
~trey ford

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ