There is more and more talk about companies hacking back against those who attack them in cyber space and whether allowing them to take such measures is a good idea. Right now, hacking back, or active defense, as it is often called, is illegal under the federal unauthorized access law, the Computer Fraud and Abuse … Continue reading What does it mean to “hack back” and is it a good idea?
In United States v. Anastasio N. Laoutaris, 2018 WL 614943 (5th Cir. Jan. 29, 2018), the United States Fifth Circuit Court of Appeals affirmed a jury verdict finding Laoutaris guilty of two counts of computer intrusion causing damage, in violation of 18 U.S.C. § 1030(a)(5)(A) and (c)(4)(B)(i) of the Computer Fraud and Abuse Act. Laoutaris … Continue reading Fifth Circuit Upholds CFAA Conviction for Former Employee’s Misuse Causing Damage Based on Circumstantial Evidence
Hear Shawn Tuma interviewed on News Radio 570 KLIF - Experts: Update Settings and Download Updates to Protect from “Meltdown” and “Spectre” CLICK HERE if you are impatient and only want to know what you should do ASAP to protect against Spectre and Meltdown With Y2K we had a warning. So much of a warning that … Continue reading Y2K18? Are #Spectre and #Meltdown the Y2K Apocalypse, Eighteen Years Late?
As a teaser to my presentation at SecureWorld - Dallas last week, I did a brief interview with SecureWorld and talked about three of the points I would make in my lunch keynote, The Legal Case for Cybersecurity. If you're going to SecureWorld - Denver next week, join me for the lunch keynote on Thursday (11/2) … Continue reading 3 Legal Points for InfoSec Teams to Consider Before an Incident
In my newsfeed are articles in prominent publications discussing the problems with the federal Computer Fraud and Abuse Act from very different perspectives. In the "the CFAA is dangerous for security researchers" corner we have White Hat Hackers and the Internet of Bodies, in Law360, discussing how precarious the CFAA (and presumably, the state hacking laws … Continue reading What do we in the United States really want from our cyber laws?