Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

RE: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow.

From: Chris Wysopal <weld () vulnwatch org>
Date: Thu, 9 Jun 2005 13:03:59 -0500 (EST)


On Thu, 9 Jun 2005, john blumenthal wrote:


So we can agree that exploits are not considered art or speech?  At least in
some circles.  I see this line of thinking as more back to the future from
encryption regulation on key lengths.


US cryptography export restrictions do still exist.  You cannot export
cryptanalytic software, which is essentially offensive cryptography.
Password crackers fall into this category.


Note that I probably cannot claim constitutional protections in the U.S. for
something I am "expressing" in Tuvalu, so that defense is unlikely.


There actually is an exception in the EAR for printed software.  There are
no restrictions of exporting encryption source code in printed form! There
are also new exceptions for software available as open source.

But exploits are not illegal now.  I just wonder how the government would
treat the situation if someone was profitting from selling exploits to
terrorists and foriegn governments and harm came of that sale.

-Chris

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: