lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Subject: JAP back doored

> I haven't had any problem issuing security advisories. What is this in
> reference to?

DMCA

> 
> Pointing the finger elsewhere does not excuse the fact that the German
> State has trojanized a popular application which was open to the world
> to download. And, indeed, the world did download.
> 
> Here are some things I do not care if Germany does:
> 
>  - I don't care if they listen to their own wires
>  - I don't care if they hack into their own criminals systems
>  - I do not care if they use zero day to do this
>  - I do not even care if they hack into criminals systems in other
> countries if they have some jurisdiction in this and are working with
> other authorities. For instance, if they were hacking into terrorist
> networks which spanned across the world and were sharing this
> information, I would not care.
> 
> A German cop has no jurisdiction over me. He has no jurisdiction over
> anyone outside of Germany.
> 
> This is the same for every country.

<rant>
Sorry, but I need to violently disagree. Let me first of all say that I
am very pro-US. But you are acting out the attitude that others let
think of the imperialistic US and creates a bad view on the US in
general.

For example, the US gets jurisdiction about me if
- we sell to Cuba (via some tricks in the helms-burton and follow up
acts)
- violate the DMCA (And this *can* be done by posting an advisor or an
exploit)
- if I do some reasearch, I will most probably find more, beginning from
tax laws to
  all kinds of laws.

Sure, the (typically) can't reach me unless I enter US ground. But then
they can and will do (should I remind you of some russian floks... ;)).

The US Gouvernment is very well at censoring (see library vs. filter
issue) and DOES a great deal of monitoring of the Internet. It doesn't
help the TIA has been renamed. It is kind of sarcatsic that it now says
it won't affect US citicens but all others. Is that why you claim the US
has better laws ;) 

Ok, it is natural and to be expected that a nation cares about its own
citiens. After all, this is what citicenship is good for. It is natural
that the US protects its own interests and laws. But accept the fact
that other nations do this, too. Otherwise you add to the (thankfully
mostly false impression) of the "ignorant American".

As another poster pointed out, the US have a *big* monitoring spot over
here in Germany where they spy on telephone conversation, faxes and
nowadays probably email (btw: they operate it partly together with the
British). It is kind of ironic: While I don't know the inner workings of
JAB, it may have very well been the case that an US citizen used the
German server (before it became "trojaned") and the US monitoring took
record of what he did. Also, for obvious reasons, this email will be
scanned by the NSA. So, ironically, by using a German service an US
citicen may become monitored by the US just because of the fact that the
US monitoring post in Germany (and there are others in other countries)
did assume he is not an US citizen because he virtually left the
country. Quite ironic, isn't it? But it doesn't matter, the US GOV
already has (or will shortly) install monitoring devices in all US
Internet exchanges, if you remeber that discussion. Such movements are
being accelerated by the latest anti-terrorrism laws, which find many
abusers...

What is the bottom line: the US is a Big Brother in many respects. I
don't think it is correct for an US citizen to assume that the others
are the bad guys just because the do (partly) of what the US does for
decades now...
</rant>

Generally, I think that is only vaguely an issue of either Germany or
the US - it is an issue of local laws not catching up with the Internet.
And it is an issue of the worldwide movement towards less freedom. We
need to stand up against it, but I also think we need to stand up
against this within the law system. Democracy definitely is not
bullet-proof and has its weaknesses - but it is the best system I know
and even though it is slow, we should take some time to fight the needed
fights...

Rainer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ