lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 4 Apr 2014 15:12:37 -0400
From: Sullo <csullo@...il.com>
To: Andres Riancho <andres.riancho@...il.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Legality of Open Source Tools

After a dozen-ish years of Nikto and some other tools, it's not been a
problem for me either.

However, it doesn't have to be illegal for someone to sue you, or include
you in a court case, which can ruin your day and possibly cost you money
regardless of right or wrong.  Having disclaimers and a license with a
forum selection clause can make your life easier should the worst case
thing happen.

Just my $.02--the closest I am to being a lawyer is having watched Boston
Legal.

-Sullo


to DoS something
On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho <andres.riancho@...il.com>wrote:

> Hi. As w3af's project leader I've not received any legal threats over
> the seven years this project has been alive.
>
> Only a couple of months ago, and just to be sure, I added this
> disclaimer which users need to accept to run the tool.
>
> DISCLAIMER = """Usage of w3af for sending any traffic to a target
>  without prior mutual consent is illegal. It is the end user's
> responsibility to
>  obey all applicable local, state and federal laws. Developers assume
> no liability
>  and are not responsible for any misuse or damage caused by this
> program."""
>
> On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford <bryan@...wildhats.com>
> wrote:
> > Greetings
> >
> > I am a security researcher who is working on a project in my free time,
> > without going into details - the project will end with a powerful tool
> > being publicly released.
> >
> > Obviously most cyber security tools have the potential for abuse. What
> sort
> > of legal hurdles (if any) do you need to overcome to protect yourself
> when
> > releasing software along the lines of metasploit?
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>



-- 

http://www.cirt.net     |      http://rvasec.com/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ