Identity Theft is the fastest growing crime in the US according to the FBI
 

Arrested For Security Research?

Written by OSAblog on Wednesday, April 22nd, 2009

Anyone who has ever done serious security research reached the line that separates good from evil. If you are working with phishing emails you get links to bad web sites. If you research security holes you deal with exploits. If you are researching botnets you are up to your neck in sensitive information that was obtained illegally.

I’m sometimes asked if we ever get ‘tempted’ to cross over. The answer is simple: we may think like criminals and sometimes emulate their work, but it never ever enters our mind to do something malicious. Finding a SQL injection exploit that gives you full access to the database is fun; using this information to steal money or order items for free is light years away from what we do.

But not everyone understands that, and that’s scary. A member of THC got pulled over at Heathrow airport by the UK government. The story has a happy ending, but it must have been scary, not to mention frustrating.

My good friend Zvi Gutterman found weaknesses in the Windows and Linux PRNG. Breaking the PRNG has consequences – while top-secret crypto systems will not use the standard Windows or Linux random number generators, who knows if there is a simple Linux based basic communication device used in one of the governments? An applicable weakness in the PRNG may have a serious impact and they might decide that shutting up Zvi is easier than replacing all their units.

If you think the previous paragraph is a paranoid conspiracy theory, lets talk about investigating the links that pop up whenever we deal with botnets, phishing and malware. The police are demonstrating zero tolerance for child porn, usually by arresting anyone who has visited such an illegal web site. How will you explain to your family, when they see you on the 8 o’clock news arrested on charges, that you are not a dangerous criminal and that you had no idea the link you clicked was to a nasty site?

There will be more incidents like the THC one. Security professionals can tell the difference between a proof of concept device to show how vulnerable GSM encryption is and an illegal wiretapping device. But the law officials can’t, and often don’t seem to care about the difference. Some of the time it’s not even law officials: Fyodor had his site shut down to prevent spreading his nmap tool. Dmitry Sklyarov was arrested in Las Vegas for breaking the PDF encryption. In the Fyodor incident the decision was made by godaddy. In the Dmitry Skylarov case it was Adobe who got the court order.

I wouldn’t want to see security research being a licensed profession (like a private detective license or a license to carry a firearm) – I’ve seen brilliant teenagers who think out of the box and find vulnerabilities no one else can, but are not old enough to drive a car. So what else can we do to make sure we hold a ‘get out of jail’ card?

Article Source:http://www.articlesbase.com/security-articles/arrested-for-security-research-878232.html

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • NewsVine
  • Reddit
  • StumbleUpon
  • Google Bookmarks
  • Yahoo! Buzz
  • Twitter
  • Technorati
  • Live
  • LinkedIn
  • MySpace
  • E-mail this story to a friend!
  • RSS
  • Turn this article into a PDF!

Welcome back! You may want to subscribe to my RSS feed. Thanks for visiting!

  • Share/Bookmark

If you enjoyed this post, make sure you subscribe to my RSS feed!

Blog Traffic Exchange Related Posts
  • How much is Too Much: Internet Protection Today’s internet usage has reached an all-time high. People from all walks of life, no matter young or old, are beginning to enjoy the fact of exploring the millions of sites available.  From Facebook to Twitter, we all seem to enjoy it! But, browsing sites such as these aren’t as......
  • Why Use Privacy Control Software to Protect Your Privacy? Privacy Control software is a form of software that permits individuals to securely clean and remove the information that they no longer want on their computer.  This is a very important and necessary tool for anyone concerned about the privacy of their data since many of Windows’ history and file......
  • Best Security Solution for your Laptop Security Laptops, which now-a-days a have become the prime target of thefts and security breaches can be secured by using various laptop security measures. Now-a-days only software or only hardware laptop security is not enough for protecting the computer. A combination of both is considered to the best security solution that......
  • The Principal Fact Exposed Concerning Adware You are right when you consider of the various advertisements spread all over the net as you hear the phrase adware. The technical professionals are very much accustomed with the name adware. For the fundamentals, adware stands for advertising-supported software. The adware downloads, displays, or plays all possible promotion materials......
  • Virtualisation Security - The How To Guide - Part 3 OVERVIEW In this the third technical article from Orthus that summarises much of the platform focused industry research that has taken place as regards issues associated with the security of virtualisation platforms, we outline the second  of three categories of virtualised platform specific vulnerabilities, namely that of virtual machine environment......
Blog Traffic Exchange Related Websites
  • Bob Hope Al HirschfeldBob Hope Stamp Many collectors looked forward to the debut of the Bob Hope stamp on May 29, 2009. Not only stamp collectors, but also fans of comedy in general and Bob Hope in particular anticipated the stamp's release. The history of the Bob Hope stamp release and the first day cancellation caricatures......
  • guestblogOne Of The Reasons I Wrote Solstice Surrender (Not the Obvious, Either) by Tracy Cooper-Posey, guest blogger and author of Solstice Surrender. I was sitting staring out the front windows this morning, looking at the winter landscape before my husband headed off to work and I headed down to my office, and I remembered one of the reasons I wrote Solstice......
  • Network flaw causes scary Web errorNetwork flaw causes scary Web error [/caption] SAN FRANCISCO (AP) —A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with full access to troves of private information. The glitch -- the result of a routing problem at the family's wireless carrier,......
  • US concerned by Australian Internet filter planUS concerned by Australian Internet filter plan [/caption] CANBERRA, Australia – The United States has raised concerns with Australia about the impact of a proposed Internet filter that would place restrictions on Web content, an official said Monday. The concerns of Australia's most important security ally further undermine plans that would make Australia one of the strictest......
  • Passwords Security | How To Safely Store Passwords Every Thursday I answer a reader’s question.  If you want to ask a question, you can contact me.  I had a question this week that I didn’t want to answer.  Here is the question: I'm still very reluctant to turn over passwords to all my private accounts to a software......
 

Leave a Comment

CommentLuv Enabled

« Don’t Let TotalSecurity Fool You! | Home | 71 Webmaster Tools All For Free »