Computer and network security articles and hacking prevention resources for the government.

Security Whitepapers

Beginner Security Articles

Network Security Jobs

Consultants Directory

Exploit Articles

Internet Anonymity

General Security

Encryption Information

E-Mail Security

HTTP Protocol Security

Linux Security

Exploit Discussion

Complete PDF Archive of Security Manuals

In The News General Security Information Exploit & Vulnerability Mailing List Archives Product and Program Reviews GSO Tutorials System Security Windows Systems Beginners Section Linux & Unix Systems Trojan & Virus Errata Networking Security / Firewall / IDS / VPN / Routers System Hardening E-Mail Security Wifi Security Trial Member Uploads Upload discovered Trojans & Mal ware (25 posts) The Cork Board Network Security Consultant Directory Network Security Jobs The Archives Encryption Information General Network Security Internet Anonymity HTTP Protocol Security Linux Security MS IIS Information Exploit Articles Programming / Tool Design GSO Software Projects Public Downloads Microsoft Security Questions and Papers
	Database Security (Common-sense Principles)
	Places that viruses and trojans hide on start up
	Step-by-Step Guide to Using the Security Configuration Tool Set
	Improving the Security of Your Site by Breaking Into it
	Domain Name Robbery
	XDCC - An .EDU Admin's Nightmare
	Database Security
	Database Security
	Is Database Security an Oxymoron?
	Database security: protecting sensitive and critical information
	The database security blanket
	Database security in your Web-enabled apps
	Making Your Network Safe for Databases
	SQL Injection: Modes of Attack, Defence, and Why It Matters
	Database Security in High Risk Environments
	Linksys Router Information (A collection)
	Common Ports
	Protection of the Administrator Account in the Offline SAM
	Windows 2000 Security
	The dangers of ftp conversions on misconfigured systems
	Win98.BlackBat
	AnnaKournikova worm decrypted
	C/C++ made easy with GoGooSE 1.0
	UNIX Bourne Shell Programming
	BATCH ProgramminG
	Assembly for nerds using linux
	THE LATEST IN DENIAL OF SERVICE ATTACKS: "SMURFING"
	The Ingredients to ARP Poison
	Outlook 2002: can't send .exe file with Email
	Windows 9x/Me Security and System Restrictions
	Exploiting The IPC Share
	Local Windows hacking
	Windows Cryptic Error Messages
	Windows NT Registry Tutorial
	catch a macro virus
	Protecting Files with Windows NTXP
	Microsoft Baseline Security Analyzer V1.1
	A Beginners Guide To Wireless Security
	Default Logins and Passwords for Networked Devices
	How To Eliminate The Ten Most Critical Internet Security Threats
	About computer crime
	System Backdoor Information
	System Backdoors Explained
	Introduction to Buffer Overflow
	Donald Pipkin's Security Tips for the Week of December 23rd
	Getting IP data from numerous sources
	Rainbow Series Library [The One The Only]
	Honeypots (Definitions and Value of Honeypots)
	General Attack Descriptions
	Wireless Taping
	CYBERTERRORISM
	Security from a different angle

Crypto A Crime? -03 Mar 2003

Crypto A Crime?

I asked this question of my network security brethren, post Sept. 11th and how much more crappy legislature do we have to deal with? First came along the Patriot Act which generalized a description of a terrorist so that practically anyone could fit the bill.

And now comes along a new piece of legislature that is going to be introduced to the senate. In this piece of Legislature it will supposedly make the use of cryptographic material during a crime an additional felony. This means that if you break any law and in the process at anytime use a form of encryption you will gain an additional felony offense.

Once again this legislature has broad definitions of the word encryption. They have in essence included any form of Encryption, Including encryption that may be used during authentication methods with programs. So if you're using PKI or SSL or another form of encryption and you perform a crime, no matter how minor, you could possibly be facing felony charges in addition to the crime you were originally charged with.

Now many people would say that if you are on the straight and narrow, then there’s nothing you should worry about. But, that’s not the point here. The point is, that the government continues to use a generalized approach to drafting legislature. Instead of attempting to invent new ways for attaching additional penalties to crimes, they should just stiffen penalties for already existing crimes.

An article in Security Focus, properly illustrated this point.
View original article at: http://www.securityfocus.com/columnists/145
Mark Rash gives us an example of how far this legislature can go.

If you're purchasing a book from Amazon.com, and perhaps decide not to click on the “include sales tax” button. And you were then caught. You can then be charged with a felony criminal offense. The reason being that during the transaction you used SSL. This is a 128 bit encryption algorithm. Hence, you used encryption during the commission of your crime. Obviously this illustration makes it painfully apparent how ridiculous this piece of legislation is.

Now I'm not saying encryption will not be used during terrorist activities or criminal activities. My point is that this legislation does nothing to prevent that, and nor does it strike any additional fear in the heart of the criminal. So such useless legislature will hopefully never get past.

Blake Wiedman
Founder Governmentsecurity.org

[Back to list]