lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 12 Nov 2007 09:59:03 +0100
From: Vincent Archer <varcher@...yall.com>
To: LT <lt@....hush.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Standing Up Against German Laws -
	Project	HayNeedle

On Sat, 2007-11-10 at 22:45 +0100, LT wrote:
> According to [1], Internet Service Providers must record the
> following information:
> 1) the IP address assigned to the customer
> 2) a precise identification of the (dial-in) port that is used for
> internet access (i.e. your phone number, customer number etc)
> 3) connect and disconnect timestamps
> 
> This does however not include logging IP connection attemps to your
> favorite blog or website or anything like this.
> They only have to log the IP address and connection times of your
> dial-in session.

It sounds familiar. In France, this is is also a legal obligation, and
at the same degree, and it has been for some time. It's an extension
of the existing legal obligations in phone telecommunications, which
have existed (including the 6 months time which is the same here) for
ages.

In an old hacking attempt early 2000, that's exactly how we got proof:

Originating IP -> ISP for the phone number -> France Telecom for the
name and address.

You do realise that every phone call you make already leaves the
exact same trace? And in fact more, as the phone call has a
destination phone number, which is also recorded.

> Besides that, there is an explicit statement [2] that forbids
> recording contents or data related to the visited web pages.

Yes, because that is considered wiretapping, which requires a judge
to determine if you have enough cause to warrant the breach of
privacy involved.

-- 
Vincent ARCHER
varcher@...yall.com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ