lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 4 Apr 2014 15:56:45 -0300
From: Andres Riancho <andres.riancho@...il.com>
To: Not EcksKaySeeDee <noteckskayseedee@...il.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Legality of Open Source Tools

Software is SO different to a gun... you can't really compare them.
Real people will die in most cases when a gun is misused, only
electrons are disturbed (in the great majority of cases) if you misuse
a hacking tool.

On Fri, Apr 4, 2014 at 3:50 PM, Not EcksKaySeeDee
<noteckskayseedee@...il.com> wrote:
> Re: Use of a disclaimer on these sort of tools (i.e., those that can harm
> and/or be used for good).
>
> Wonder if any gun dealer applied something similar in their shop, or for
> that matter, in a hardware store under the hammer section.
>
>
> On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho <andres.riancho@...il.com>
> wrote:
>>
>> Hi. As w3af's project leader I've not received any legal threats over
>> the seven years this project has been alive.
>>
>> Only a couple of months ago, and just to be sure, I added this
>> disclaimer which users need to accept to run the tool.
>>
>> DISCLAIMER = """Usage of w3af for sending any traffic to a target
>>  without prior mutual consent is illegal. It is the end user's
>> responsibility to
>>  obey all applicable local, state and federal laws. Developers assume
>> no liability
>>  and are not responsible for any misuse or damage caused by this
>> program."""
>>
>> On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford <bryan@...wildhats.com>
>> wrote:
>> > Greetings
>> >
>> > I am a security researcher who is working on a project in my free time,
>> > without going into details - the project will end with a powerful tool
>> > being publicly released.
>> >
>> > Obviously most cyber security tools have the potential for abuse. What
>> > sort
>> > of legal hurdles (if any) do you need to overcome to protect yourself
>> > when
>> > releasing software along the lines of metasploit?
>> >
>> > _______________________________________________
>> > Sent through the Full Disclosure mailing list
>> > http://nmap.org/mailman/listinfo/fulldisclosure
>> > Web Archives & RSS: http://seclists.org/fulldisclosure/
>>
>>
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>>
>> _______________________________________________
>> Sent through the Full Disclosure mailing list
>> http://nmap.org/mailman/listinfo/fulldisclosure
>> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists