RE: what to do it illegal activity found during pen-test

From: Ebeling, Jr., Herman Frederick (hfebelingjr@lycos.com)
Date: Thu Jul 13 2006 - 16:40:00 EDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----Original Message----
From: Eliah Kagan [mailto:degeneracypressure@gmail.com]
Sent: Tuesday, 11 July, 2006 23:24
To: pen-test@securityfocus.com
Subject: Re: what to do it illegal activity found during pen-test

: On 7/11/06, Ebeling, Jr., Herman Frederick wrote:
: : Sadly, at the moment I cannot recall where or when it was that
I'd
: : heard it, but I am sure that it was on a news program. However I
: : did a quick Google search
: :
(http://www.google.com/search?hl=en&q=child+pornography+laws+in+the+un
: : ited+states) and came up with the following:
: :
: : http://www.adultweblaw.com/laws/childporn.htm
: :
: : I think that the following applies:
: :
: : 3. Federal Statutes:
: :
: : Title 18 of the United States Code governs child pornography. See
: : Chapter 110, Sexual Exploitation and Other Abuse of Children. 18
: : U.S.C. § 2256 defines "Child pornography" as:
: :
: : "any visual depiction, including any photograph, film, video,
: : picture, or computer or computer-generated image or picture,
: : whether made or produced by electronic, mechanical, or other
: : means, of sexually explicit conduct, where -
: : (A) the production of such visual depiction involves the use of a
: : minor engaging in sexually explicit conduct;
: : (B) such visual depiction is, or appears to be, of a minor
: : engaging in sexually explicit conduct;
: : (C) such visual depiction has been created, adapted, or modified
: : to appear that an identifiable minor is engaging in sexually
: : explicit conduct; or
: : (D) such visual depiction is advertised, promoted, presented,
: : described, or distributed in such a manner that conveys the
: : impression that the material is or contains a visual depictation
: : of a minor engaging in sexually explicit conduct . . ."
: :
: : Of which I think that the subsections would cover adults
: : who are dressed or made up to appear as children/minors.
:
: The question is, does this cover adults engaging in sexually
: explicit activity and made to look like minors, or does it merely
: (and rightly) criminalize having actual children who are not
: engaging in sexually explicit activity being made to *look* as
: though they are?
:
: I seem to recall a supreme court case that touched on this, but I
: could be wrong and I don't quite remember the ruling--if I manage
to
: be less busy in the next couple days, I'll look for it.

        I think that subsections B - D would cover said situation. As they
talk about "models or actors" that are intended to give the viewer
the impression that they are looking at minors engaged in various sex
acts.

        It might have been brought about by Hollywood, as I am sure as it is
written it would make most if not all of the "Teen Exploitation"
movies kiddie porn. As I think that it is safe to presume that the
actors in 'em are all adults, less it truly be kiddie porn. . .

:
: : But in general I agree with you that it could have a chilling
: : effect on what is otherwise nomilly legal and protected porn.
:
: And also potentially the effect of diluting in people's minds how
: bad real child porn is. It might seem that the social stigma
: associated with child pornography and with sexual abuse of children
: in general is great enough that this would not be a huge issue. But
: consider the hypothetical case of a pen-tester *not* reporting
: material that is child pornography under the law, thinking that it
: involves only adults and is consequently not morally reprehensible,
: but being wrong in thinking that it involves only adults...

        True, but it could also show how seriously kiddie porn is taken by
showing that even if the models/actors are adults but through either
the use of dressed or makeup that it is still not acceptable.

:
: Ideally, a Good Samaritan sort of law would protect people who
: report material that looks illegal and cannot, after a demonstrated
: good-faith attempt to determine whether or not it is illegal, be
: shown not to be, while at the same time not expanding contraband
: beyond the realm of material that should be criminalized (i.e.
: material that requires grievous violation of the law to make and
: distribute).

        I agree with you 100 and 10% on that. I think that any good faith
attempt to do the right thing should not be punished.

:
: -Eliah

- -----
Herman
Live Long and Prosper
 ___________________ _-_
 \==============_=_/ ____.---'---`---.____
             \_ \ \----._________.----/
               \ \ / / `-_-'
           __,--`.`-'..'-_
          /____ ||-
               `--.____,-'

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
Comment: Space the Final Frontier

iQA/AwUBRLaKzx/i52nbE9vTEQK3DACfacpdqysmD2l5f5fy/UpFyHnscWYAoPL9
e5ofACI7jArNE/x40vJ2138R
=8lNq
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:17 EDT