What Security Researchers Need to Know About Anti-Hacking Law

Explore the legal landscape of anti-hacking laws in this 59-minute Black Hat USA 2013 conference talk. Gain insights into the Computer Fraud and Abuse Act (CFAA), its broad language, and severe penalties. Examine notable legal precedents relevant to the infosec community, including cases on port scanning, website terms of use violations, and bypassing technical access controls. Delve into the prosecution of Andrew Auernheimer (Weev) and its implications for security researchers. Learn strategies to reduce potential legal risks, understand the state of the law, and navigate ethical considerations in information security. Discuss topics such as unauthorized access, public disclosure, professional conduct, open WiFi, DMCA exceptions, and active defense measures.

Introduction
Overview
Disclaimer
CFAA Overview
What makes access unauthorized
Other notable provisions
Civil penalties
Problems with CFAA
Violating Agreements Policies
Unauthorized Access
Technical Means
CFA Violation
Public Disclosure
Being a Professional
What can we learn
Feedback
How can we protect ourselves
Open WiFi
Ethics in Information Security
DMCA Exceptions
Active Defense
State of the Law