Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: go public to avoid jail
From: J Roger <securityhocus () gmail com>
Date: Mon, 3 May 2010 10:29:47 -0700

In the United States the burden of proof is on the prosecution, not the
defense. Stephen was innocent until proven guilty.

I'm suggesting Stephen could have released his tool to the public so anyone
authorized to audit cardholder data environments could have used it.

What he did was the same thing as someone supplying burglar tools
to someone, knowing that they're going to break into someone's house


If the tool was released publicly, and not just to Mr. Gonzales, would the
prosecution be able to prove beyond a reasonable doubt, that this scenario
took place and not just that Mr. Gonzales used a publicly available tool his
friend happened to have created and distributed publicly, to commit his
crimes?


Where do you get that idea?  Under what legal theory do you postulate
that?


Common sense

He still knew his software was going to be used by a known
individual, WHO TOLD HIM BEFOREHAND, that he was going to use the
software to rip people off.  That makes him liable, period.


Could the prosecution prove this is the case if the tool wasn't distributed
only to Gonzales? Releasing the tool publicly could help the defense argue
the point that he was told beforehand, that he knew it would be used to rip
people off, etc.

no amount of twisting the facts is going to convince a
judge otherwise.


 The defense doesn't need to convince the judge that Stephen is a saint,
only needs to weaken the prosecutions argument enough.

If your buddy comes to you and says "I'm going to go stab some people
and take their money will you construct for me a custom knife
particularly well-suited for that purpose" and you say "sure, here you
go, heh, no charge this time" and this conversation is recorded as
evidence then both of you are going to get prosecuted.


Could they prove his buddy came to him and said "I'm going to commit crime X
will you provide me with tool Y to do it?" Since the tool was made and
distributed only to Gonzales it was probably pretty difficult to argue the
above scenario did  not occur. If the tool was released publicly and
Gonzales went and downloaded it from PacketStorm along with a thousand other
people that day, proving the above scenario occurred could be more
challenging.

The point is that you
knew this specific knife was intended to be used in for this purpose and
you decided to go out of your way to help.


If the tool was released publicly, how much more difficult would it have
been for the prosecution to prove that you knew the tool was intended to be
used for a particular illegal purpose in a specific case and you went out of
your way to help?


JRoger

On Mon, May 3, 2010 at 9:27 AM, Marsh Ray <marsh () extendedsubset com> wrote:


If your knife is found in a dead body, you've going to have some
explaining to do.

If it turns out that you're a restaurant supply business that sells 3000
of that model knife a week, then you don't have a problem.

If your buddy comes to you and says "I'm going to go stab some people
and take their money will you construct for me a custom knife
particularly well-suited for that purpose" and you say "sure, here you
go, heh, no charge this time" and this conversation is recorded as
evidence then both of you are going to get prosecuted.

No one (seriously, no one) is going to be the least bit impressed by the
"factories sell knives all the time" argument. The point is that you
knew this specific knife was intended to be used in for this purpose and
you decided to go out of your way to help.

Hacking/pen-test tools can definitely push the gray area a bit, but the
custom-knife-in-dead-body example does not.

- Marsh

On 5/3/2010 5:34 AM, Christian Sciberras wrote:
No, I'm being damn realistic. If it weren't me providing a knife to "my
buddy" it would be someone else, or some kitchen drawer.

Also, why do I go to jail, not the shop owner that sold me the knife? Or
the
factory owner?

It's this guy that should be liable to the crime, not the provider.


On Mon, May 3, 2010 at 12:04 PM, Ed Carp <erc () pobox com> wrote:

Oh, stop it.  If you give your buddy a knife, knowing they're going to
go out and stab someone with it, you're going to jail, too.  Stop
playing the fool.




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault