Related to the laws and regulations imposed by governments, the enforcement of those laws, and legal and judicial process including investigation and trial. Note that if your question matches this description, chances are high that it is off-topic at this site and you'd better try law.stackexchange.com.
Questions tagged [legal]
314 questions
121
votes
12 answers
How can I punish a hacker?
I am a small business owner. My website was recently hacked, although no damage was done; non-sensitive data was stolen and some backdoor shells were uploaded. Since then, I have deleted the shells, fixed the vulnerability and blocked the IP address…
Elmo
38
votes
8 answers
Is it legal to start a private website for you and your friends to hack?
My friends have expressed an interest in hacking, but we don't want to do anything illegal, and considered CTF365, but it was WAY too expensive. Is it possible/legal for one of us to create a private website for us to hack, or play attack/defend with…
mlgking
23
votes
2 answers
Section 37 of the United Kingdom's Computer Misuse Act
Section 37 of the United Kingdom's Computer Misuse Act states you are not allowed to produce, obtain or supply articles which can be used for computer misuse.
How do UK information security bloggers and conference speakers go about this, as…
Lucas Kauffman
13
votes
7 answers
Is the law the only thing stopping many sites from being hacked/cracked?
There are so many common vulnerabilities out there, so how is it that every Wordpress blog, for example, isn't hacked into often?
It seems like the security community is overly paranoid, unless the law is the only thing deterring skilled hackers.…
Moshe
8
votes
2 answers
Business-to-Business Security Disclosure and Agreement
Looking for a template covering the disclosure information security practices that are standard in Business-to-Business partnerships that share data.
For example:
Access management
Password management
Data encryption in storage
Data encryption in…
blunders
7
votes
8 answers
Is hacking back a valid security technique for companies?
Recently it has come to light through the reverse engineering of hacking tools that there are vulnerabilities in them that could be exploited to take over an attacker's computer during a remote hacking session. In other words, while they are hacking…
GdD
5
votes
2 answers
What countries have strong data protection laws?
Many answers on this site and other security-related websites state that one should host sensitive data in a country with strong data protection laws. What countries are these, and how is this determined?
I understand that Germany has an excellent…
dotancohen
4
votes
5 answers
What happens with a subpoena and a system designed to protect itself from you?
After reading about the recent Dropbox issue I'm starting to wonder if they could legally keep their initial promise.
Let's say that you're like Dropbox or Lastpass and you store users' information in such a way that you can't open a user's files.…
TheLQ
4
votes
1 answer
To get security clearance, do I need to be national of the country?
For example, if I want to apply to a job based in UK which requires security clearance, can I only do so if I'm a British national? What if I'm from another country belonging to the EU?
user15194
4
votes
4 answers
When should police be notified about host intrusion?
If an attacker gains unauthorized access to a host, or makes unauthorized modifications to information on that host, is it appropriate to contact the police or some other law-enforcement agency? In many cases, the host in question is in the United…
Eric Rath
4
votes
1 answer
Hacking / Penetration Testing Laws
Is it illegal to post tutorials and articles on hacking related things? In particular in the UK.
For example would it be illegal under this law?
http://www.legislation.gov.uk/ukpga/1990/18/section/3A
h00j
2
votes
1 answer
Can I get in trouble for legitimate mistakes in bug bounty testing?
During some recent bug bounty testing, I needed to record a pcap using Wireshark, then replay it repeatedly in order to stress test a locally hosted server (which is in-scope of the bounty program).
However, I unfortunately exported the pcap…
rubberband876
2
votes
3 answers
Losing Private Keys
Suppose my friend and I make public private key pairs, send some test emails back and forth and a few days later he loses his private key.
Is either of us now in potential danger? Could we be detained or be subject to information extraction?
Can [I]…
user11101
1
vote
1 answer
Is it legal to publish victim's password and email?
With so many identities stolen last ten years, we know a bunch of emails and a bunch of passwords.
Are the two following databases legal under the US federal laws?
Publish a database which victim's identity is paired up with victim's known…
CppLearner
1
vote
1 answer
Does data inside a VPC need to be encrypted in transit too?
I know there are laws which require all data to be encrypted in transit and at rest. It makes sense for browser to server connections but,
Does data flow within a VPC, let's say a Kubernetes cluster, need to be encrypted too?
Does the data in…
Souradeep Nanda