lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 26 Sep 2007 17:38:08 +0000
From: gjgowey@....blackberry.net
To: "worried security" <worriedsecurity@...glemail.com>,
	full-disclosure-bounces@...ts.grok.org.uk,
	full-disclosure@...ts.grok.org.uk
Subject: Re: 
	n.runs AG puts §202 law to the test - Tools back online

Right now I'm having flash backs of Joclyn elders (former American surgeon general under the Clinton administration) saying how "we need to make safer guns and safer bullets".  Gotta love how logic gets overrided by emotions when it comes to laws.

Geoff



Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: "worried security" <worriedsecurity@...glemail.com>

Date: Wed, 26 Sep 2007 17:37:38 
To:full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure]
	n.runs AG puts §202 law to t
	he test - Tools back online


On 9/26/07, Thierry Zoller <Thierry.Zoller@...ns.com <mailto:Thierry.Zoller@...ns.com> > wrote: -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Dear List,
You may or may not have noticed but a lot of German companies and 
researches have pulled their tools from their website in fear of litigation. 
  
 
I don't think it was necessary for folks scramble to remove existing tools. if you got arrested, you could show the police that your tool was uploaded to the server before the law was introduced. in short, folks should of been mass uploading as much code as they could before the law came into force on August 10th, not removing it. 
  
If servers are still letting people download but the upload was done before August 10th, then it shouldn't count as a criminal act, even if the download is available after August 10th. Only uploads to servers should be illegal after August 10th, and why just go after folks hosting the tools, why not go after the folks downloading the tools too. 
  
In the bigger picture of things, its the folks downloading the tools who are the criminals, but how do you distribute those tools to legitimate researchers, who only want to progress the journey of explotiation development to safer the systems people want to compromise? 
  
not all downloaders are the criminal, so why target the host of the tools, when you can use your intelligence agency to monitor folks downloading tools from servers and watching what they do with them. 
  
it looks like the german intelligence services are trying to do a short cut by outlawing all cyber security research activity, than having control mechanisms in place to kick out the rogue researchers from the true researchers. 
  
i know a lot of people who are german, and i know the german mentallity, they have said *oh cyber security, this seems like non sense, we only want to concentrate on real life bomb intelligence services activity, to cut costs on monitoring cyber security legitimate research, lets outlaw it, so its far easier on our resources and is less costly for us*. 
  
germany, you need dedicated cyber security teams, germany you need to invest millions of money into cyber security. i'm sorry this whole internet thing and security is hard to come to terms with, but yeah, deal with it. 
  
undo your law, spend the millions of money you wish you could spend on other things. the internet is here to stay and without cyber security research, there won't be any cyber security in your country. 
  
and you wonder why china was able to break into your government systems, you'll never know if your dumb law has prevented a security researcher from speaking out against a vulnerability on your government networks. so the vulnerability was left unpatched and the chinese government used it to compromise your systems. 
  
have a nice day germany, 
  
n3td3v _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists