Full Disclosure mailing list archives
redefining research: vulnerability journalism
From: J Roger <securityhocus () gmail com>
Date: Tue, 27 Apr 2010 15:31:57 -0700
Discovered a security flaw in a production system you had no authority or permission to audit? Afraid to disclose the information for fear of prosecution? Don't stress too much, you have some protection if you redefine yourself as a "vulnerability journalist" According to a recent Wired article on the "stolen" Apple iphone fiasco, The federal Privacy Protection Act prohibits the government from seizing
materials from journalists and others who possess material for the purpose of communicating to the public. The government cannot seize material from the journalist even if it’s investigating whether the person who possesses the material committed a crime. Instead, investigators need to obtain a subpoena, which would allow the reporter or media outlet to challenge the request and segregate information that is not relevant to the investigation.
Perhaps the "journalist" title isn't even necessary thanks to the "and others" bit there but it also couldn't hurt, besides it sounds kind of cool right. Now this of course doesn't imply that you can't be prosecuted for a crime, just that they can only use subpoenas and not warrants. Naturally, being a ethical and moral vulnerability journalist you would never rm any incriminating evidence as part of the process to "segregate information that is not relevant to the investigation." Out: Narcissistic Vulnerability Pimp In: Vulnerability Journalist
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- redefining research: vulnerability journalism J Roger (Apr 27)
- Re: redefining research: vulnerability journalism Christopher Gilbert (Apr 28)