IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [legal]

Related to the laws and regulations imposed by governments, the enforcement of those laws, and legal and judicial process including investigation and trial. Note that if your question matches this description chances are high that it is off-topic at this site and you'll better try law.stackexchange.com.

314 questions
163
votes
8 answers

What are the implications of NSA surveillance on the average internet user?

It would appear as though the tinfoil hat-wearing were vindicated today, as news broke of the true scale of the U.S. government's surveillance of its citizens' online activities, conducted primarily through the NSA and seemingly beyond the realm of…
nitrl
  • 3,003
  • 4
  • 20
  • 23
121
votes
8 answers

Is it acceptable that a skilled professional pentester deletes or modifies sensitive data in production unintentionally during a pentest?

Today I experienced a situation where a person responsible for the security of a company required a pentesting company to withdraw a clause in the contract that says that: "during the pentest there exist the possibility to delete or modify…
kinunt
  • 2,759
  • 2
  • 23
  • 30
119
votes
12 answers

How can I punish a hacker?

I am a small business owner. My website was recently hacked, although no damage was done; non-sensitive data was stolen and some backdoor shells were uploaded. Since then, I have deleted the shells, fixed the vulnerability and blocked the IP address…
Elmo
  • 1,257
  • 2
  • 9
  • 9
106
votes
8 answers

Ex-contractor published company source code and secrets online

Just found my current company code on the plain internet. We are talking hundreds of thousands of lines of scripts and configurations, including database schemas and a fair amount of internal information. Looks like an archive of some project(s),…
user5994461
  • 1,216
  • 3
  • 12
  • 11
72
votes
2 answers

Minimum requirements for storing last 4 digits of credit card number?

We have a merchant website that uses Autorize.net's CIM and AIM. Our users may have multiple credit cards so we'd want to give them opportunity to distinguish between credit cards that they use on site. Currently we think about storing cardholder…
Andrei Botalov
  • 5,267
  • 10
  • 45
  • 73
62
votes
6 answers

At what point does "hacking" become illegal? (US)

Hypothetical situation: before I hire a web development company I want to test their ability to design secure web apps by viewing their previous client's websites. Issue: this situation raises a big red flag: with regards to viewing a website, what…
Moses
  • 2,137
  • 2
  • 20
  • 23
56
votes
17 answers

Can we still provide confidentiality when cryptography is outlawed?

In certain jurisdictions, use of cryptography by the private sector is limited: e.g. there are reports that in the UAE and other countries not all of the encryption capabilities of the BlackBerry are permitted. Similarly, in the 1990s the U.S.…
user185
55
votes
13 answers

What makes it illegal to use the information learned by exploiting a bug?

According to news reports, arrests have already been made in relation to the Heartbleed bug. It sounds like this person managed to gain access to the website's database by capturing the credentials the app used to access the database. This person…
Stephen Solis-Reyes
  • 485
  • 4
  • 6
53
votes
9 answers

How should I tell school that they are vulnerable when I wasn't given permission to check?

I would like to report security weaknesses to my school in UK. I had managed to find security weaknesses without any exploits or other software or hardware. I had look at similar question however problem is that it is very likely to find out that it…
vakus
  • 3,743
  • 3
  • 20
  • 32
38
votes
8 answers

Is it legal to start a private website for you and your friends to hack?

My friends have expressed an interest in hacking, but we don't want to do anything illegal, and considered CTF365, but it was WAY to expensive. Is it possible/legal for one of us to create a private website for us to hack, or play attack/defend with…
mlgking
  • 361
  • 1
  • 3
  • 4
37
votes
1 answer

How did FBI/DoJ retrieve the data stored on the encrypted iPhone?

Quote from The New York Times: The Justice Department said Monday that it had found a way to unlock an iPhone without help from Apple, allowing the agency to withdraw its legal effort to compel the company to assist in a mass-shooting …
Evgeniy Chekan
  • 798
  • 6
  • 12
36
votes
2 answers

Should I present forged documents in a Penetration Test/Red team engagement?

A previous question of mine lead to this discussion which mentioned the subject of Document forgery. I've seen many people (in videos) forge IDs and employee badges for such engagements so that seems fine as a test. However, if asked to present a…
ChocolateOverflow
  • 3,452
  • 4
  • 17
  • 34
34
votes
5 answers

Can someone steal money from my bank account if they know my IBAN and personal details?

To deposit money into your account, some websites require that you provide them with a lot of details about your bank account: name, complete address and IBAN which includes your account number and identifies the exact bank. Can a skilled cracker…
Gess
  • 341
  • 1
  • 3
  • 3
33
votes
6 answers

Is it illegal to read an e-mail that was accidentally sent to you?

I'm not sure if this is the right website to ask this but I'm giving it a shot. I got the following message in an email today: (it's translated so sorry for the typo's/mistakes) This e-mail and it's attachments are confidential and only meant for…
Gen
  • 333
  • 1
  • 3
  • 4
33
votes
8 answers

Is it legal to find bugs on a website and report them to the website's owner?

I'm from Canada, and I'd like to know one thing. I know a bug on one website. I'm not sure if it's legal here to search for bugs on a website and NOT use them; instead, tell its company about it.
iamart
  • 457
  • 4
  • 6
1
2 3
20 21