| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Apr 2014 15:05:44 -0400 From: Not EcksKaySeeDee <noteckskayseedee@...il.com> To: Andres Riancho <andres.riancho@...il.com> Cc: fulldisclosure@...lists.org Subject: Re: [FD] Legality of Open Source Tools True, s/ware is different from a gun. I mostly meant it tongue in cheek. But I can't help but wonder, what with the increase of people learning to code (mind you, there's a diff between hobby and serious, I accept that), and the whole Internet of Things, and the fact that most modern hardware (nuclear reactor, medical, automotive, aeronautical...) relies on code underneath of some form or fashion, that code has the potential to kill. On Fri, Apr 4, 2014 at 2:56 PM, Andres Riancho <andres.riancho@...il.com>wrote: > Software is SO different to a gun... you can't really compare them. > Real people will die in most cases when a gun is misused, only > electrons are disturbed (in the great majority of cases) if you misuse > a hacking tool. > > On Fri, Apr 4, 2014 at 3:50 PM, Not EcksKaySeeDee > <noteckskayseedee@...il.com> wrote: > > Re: Use of a disclaimer on these sort of tools (i.e., those that can harm > > and/or be used for good). > > > > Wonder if any gun dealer applied something similar in their shop, or for > > that matter, in a hardware store under the hammer section. > > > > > > On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho <andres.riancho@...il.com > > > > wrote: > >> > >> Hi. As w3af's project leader I've not received any legal threats over > >> the seven years this project has been alive. > >> > >> Only a couple of months ago, and just to be sure, I added this > >> disclaimer which users need to accept to run the tool. > >> > >> DISCLAIMER = """Usage of w3af for sending any traffic to a target > >> without prior mutual consent is illegal. It is the end user's > >> responsibility to > >> obey all applicable local, state and federal laws. Developers assume > >> no liability > >> and are not responsible for any misuse or damage caused by this > >> program.""" > >> > >> On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford <bryan@...wildhats.com> > >> wrote: > >> > Greetings > >> > > >> > I am a security researcher who is working on a project in my free > time, > >> > without going into details - the project will end with a powerful tool > >> > being publicly released. > >> > > >> > Obviously most cyber security tools have the potential for abuse. What > >> > sort > >> > of legal hurdles (if any) do you need to overcome to protect yourself > >> > when > >> > releasing software along the lines of metasploit? > >> > > >> > _______________________________________________ > >> > Sent through the Full Disclosure mailing list > >> > http://nmap.org/mailman/listinfo/fulldisclosure > >> > Web Archives & RSS: http://seclists.org/fulldisclosure/ > >> > >> > >> > >> -- > >> Andrés Riancho > >> Project Leader at w3af - http://w3af.org/ > >> Web Application Attack and Audit Framework > >> Twitter: @w3af > >> GPG: 0x93C344F3 > >> > >> _______________________________________________ > >> Sent through the Full Disclosure mailing list > >> http://nmap.org/mailman/listinfo/fulldisclosure > >> Web Archives & RSS: http://seclists.org/fulldisclosure/ > > > > > > > > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists