Re: Comments on: DNS exploit code is in the wild

[Valdis.Kletnieks () vt edu]

On Thu, 24 Jul 2008 16:17:08 BST, n3td3v said:

> This whole HD Moore savior of info sec thing has gone on long enough,
> its time to see him for what he is and get him slammed up in jail
> along with his counterpart |)ruid.

I'll point out that you happen to live in the country that invented the
concept of "habeus corpus".  In other words, you cant slam him in jail
unless you actually *charge* him with something.

Please tell us which countr(y|ies) you intend to have him charged, and what
offense.  Specific references to statutes would be appreciated (for starters,
I'll help you out and point out that in the US, he probably could *not* be
charged under 17 USC 1201 (the DMCA anti-circumvention clause), nor under 18
USC 1030 (the primary federal anti-hacking statute), unless you have actual
evidence that HD personally hacked into a computer covered by 18 USC 1030. You
run into similar issue with 18 USC 2701 (access to stored communication).

You *might* be able to make a case under 18 USC 2512 (dealing in devices for
intercepting communications), except that there's the nasty clause "knowing or
having reason to know that the design of such device renders it primarily
useful for the purpose of the surreptitious interception of wire, oral, or
electronic communications;" - and you'd fail on the "primarily" because there's
lots of *other* uses for Metasploit.

He *is* probably in violation of 36 USC 117, 7 USC 411b, and 26 USC 7523(a)(1),
however.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/