lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000701c29556$be213a90$0201a8c0@AA31F>
From: euan_briggs at btinternet.com (Euan Briggs)
Subject: ranting.. was Re: (no subject) PS 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> None of the above dictates that user freedom is defined by
> disclosure in and all by itself.  It is again, always a personal
> choice (and often dictated by our employers - another story), but
> it is certainly defined that the freedom for the users of software
> are taken away, when they, when we, are required _not_ to disclose.
>
> </rant>
>
> --
> Silvio


I wasn't actually referring to the full-disclosure issue here when I
talked about PHC adding nails to the coffin of internet freedom.
However I completely agree with you in that the form disclosure takes
is a free choice, its not down to governments to interfere in this.
Its the kind of thing where industry standard ethical guidelines,
agreed by general concensus are more appropriate than legislative
controls, and this is more in the spirit of the internet. I think
rather than having governments formalise the disclosure process
itself, their idea of criminalising the release of functional
ready-to-go ./hack tools is not over the top and could actually
protect against the dangers of that form of disclosure, without
limiting the individual or the business's freedom to disclose in a
way which has maximum benefit for all. Nobody but blackhats disclose
functional "proof of concept" (what a misnomer) code, so nobody but
blackhats have anything to fear from laws which attempt to regulate
such releases. I would be happy to see that happen, as long as it is
done in such a way that it doesnt stifle or outlaw legitemate
research, as the DMCA attempts to do, which is in the interests of
business rather than the interests of security. Personally I think
the language in the DMCA should be changed, as the bits about reverse
engineering etc look like they can be applied in ways that exceed the
intended scope of the legislation.

Euan

PHC analogy number 398434:   "PHC is like the mouse saying to the
vermin hunting cat 'hey, you shouldnt eat mice, and besides, I can't
be bothered running away from you'

 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPeOCx0P0lBKBG8xoEQL9owCfQKNC+BB9DUDRbsc68QABggwkUBYAn27G
kwi9KdmX6b0nTUInPV1r0z35
=79P5
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ