Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Fwd: HBGary Mirrors?
From: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming () simplicitymedialtd co uk>
Date: Fri, 18 Feb 2011 19:11:44 +0000

I'm wondering along the same lines as Thor, based on intent. One of those
"don't take the piss or the judge is gonna own you" scenarios that would be
tested in court on a per trial basis. Like, if the files were known to
contain encrypted info, and if it was proved that you knew the contents of
those files, then you would be held liable.

@Charles: luckily for me, this is all academic as I've kept as far away as
possible from this hbgary thing :P

On Fri, Feb 18, 2011 at 6:57 PM, Charles Morris <cmorris () cs odu edu> wrote:

Sorry, when I say eligible, I mean "which server would they be allowed to
take down by law?".
I'm not too hot on the laws of encryption, but I'm sure there is
something
which states that hosting encrypted files are not illegal, it's
distributing
the key which allows you to gain access to those fails, which is actually
illegal.
*DISCLAIMER: I don't know if the above is true or not, so apologies if I
got
this wrong*


Attempt A:
Cal, I'm not sure on this point off-the-cuff, however encrypted files
should* be
indistinguishable from random data, so assuming that even if a given LEE
has obtained the key and knows that your distributed data is "illegal", you
could be held blameless as you have no feasible way to know what the data
was.

Attempt 2:
You could also consider a key and an algorithm a "transform" for a set of
random
bits, such that once the transform is applied to those bits it would
result in something
"bad", so you aren't actually distributing "encrypted" "files" at all..

just random bits :D

*DISCLAIMER: The above will PROBABLY NOT hold in court, so apologies
if you get jailed for life

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault