[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CF64C38D6BE745249AB6C88B62D17B32@SYSMAN.COM>
Date: Tue, 13 Nov 2007 17:28:49 +0530
From: "Sysman" <sysman@...l.com>
To: "'Paul Sebastian Ziegler'" <psz@...erved.de>, <bugtraq@...urityfocus.com>,
"'full-disclosure'" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Standing Up Against German Laws - Project
HayNeedle
Paul,
1. As I understand, the monitoring is not as wide as you described.
2. Even if, it is there, it is for Public good. It is to protect you against
terrorism. Yes, this amounts to big brother is watching, but many times,
that is essential. Remember USA 9/11/2001, London 7/7/2006, India (many many
incidents). Have trust in your government. I believe, German government
machinery is reasonable efficient and honest. If communication transactions
are logged, what is the harm? In case of any incident, how will the
government investigate? If you are a security professional, don't you advise
your client for all this like audit logs etc.
3. Even if, you need to protest, please do. This is your right. But, this is
not the way to protest. Even if you say that technically you are not
breaking any law, the difference between you and a law breaker is very thin.
If you want to protect, use democratic methods. Write about it in print
media. Use electronic media to mobilise opinion. Create Blogs. Send e-mails.
Lobby with MPs (members of Bundestag). If your ideas will appeal to people,
many will raise voice. Ultimately, law is manifestation of social
aspirations for social good. As I understand, Germany (Deutschland) is a
vibrant democracy and not a dictatorship or oppressive state. Further, ask
the background - why this law was necessary? In a democracy, laws are made
after careful and well defined process. Ask for the details of the process.
4. If you can cite some incidents of misuse / oppression by the government
machinery of any other law, you can quote that in venting your feelings /
opinion.
This is my personal opinion. You are free to take your own decision. Even
if, you may curse me, I have no problem. You and me both live in functional
and vibrant democracies. Both are counted amongst top 5 democracies in the
world. I feel, it is my democratic right to express my opinion, even if you
do not subscribe to it.
I am from India. We have been victims of many terrorist attacks. I can say
that if state is watching the traffic (net, phone, road, human, etc.) for
public good with honesty, it is good for public.
Further, you said "This is madness for various apparent reasons". I fail to
understand - what are the various apparent reasons? can you describe a few
of these apparent reasons.
Regards,
Rakesh Goyal
AMIE (IE, Gold Medalist), PGDM (IIM-B, Gold Medalist), CISA, CISM
CEng, CMC, CCCI, CFE, FIE, MIEng, MIInst W, MIMC, MIIIE, FISM
Managing Director, Sysman Computers (P) Ltd.,
and
Director-General, Centre for Research and Prevention of Computer Crimes,
Sion, Mumbai 400 022
Phone : +91-99672-48000 / 99672-47000
e-mail : sysman@...man.in & rakesh@...man.in
url : http://www.sysman.in and http://www.sysman.co.in
(Sysman has been empanelled as (a) IS Auditors under IT Act-2000 to audit
PKI (2001-2007) AND (b) as IS Security Auditor by CERT-In (Govt. of India)
(2004-2009) AND Sysman is Associate Consultant to British Standards
Institution to implement BS7799 / ISO17799 / ISO 27001 ISMS).
_____
Author of books -
1. Computer Crimes - Concept, Control and Prevention (Published in 1993).
2. Bank Computerisation (Published in 1996).
3. Digital Signature - All you want to know about it, but don't know whom to
ask! (Published in 2004).
4. Demystifying Information Technology Act - 2000 (Published in 2005).
5. Sankat Mochan Yojana (Published in 2005) - can be downloaded from
www.sysman.in <http://www.sysman.in> .
6. Publisher of Case Studies in Information Security (Published in 2002).
***********************************
The information in this email is confidential, and intended solely for the
addressee. Access to this email by anyone else is unauthorized. Any copying
or further distribution beyond the original recipient is not intended, and
may be unlawful.
_____
-----Original Message-----
From: Paul Sebastian Ziegler [mailto:psz@...erved.de]
Sent: Saturday, November 10, 2007 10:59 PM
To: bugtraq@...urityfocus.com; full-disclosure
Subject: Standing Up Against German Laws - Project HayNeedle
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear Infosec community,
as most of you may have heard the German government passed a law today
that will lead to all connections being logged for 6 months. This
includes phone calls as well as all internet connections.
This is madness for various apparent reasons. In times like these it is
necessary to stand up against it. Of course not by committing crimes but
by attacking the flawed logic behind those laws itself.
There are many approaches to this. And I am sure (and I really hope)
that there will be many more taken. This is just one approach that came
to my mind today.
Introducing Project HayNeedle.
A tiny spider-like program written in C# that will create connection
sessions on it's own thus trying to create plausible deniablility. It
runs within the .NET framework and was tested on Linux and Windows XP.
If it runs on your OS, drop me a line, if it doesn't send me a report.
It should run on almost any OS supporting Mono.
The mechanism is quite easy: It searches Google for random words and
picks random pages among the results, then spiders from there (well it
is spidering except that it only follows one URL at a time within a
session thus simulating a user).
A long description of the idea behind it and the technique as well as
downloads of the sourcecode and binary can be found here (English and
German version):
http://observed.de/?entnum=126
Project HayNeedle is released under the GPLv2. So any form of patches,
ideas and constructive criticism is welcome. However for the sake of
everyones nerves I will not reply to any sort of aggressive and/or
flaming mails.
Many Greetings
Paul Sebastian Ziegler
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHNepUaHrXRd80sY8RCqprAKC/8EVMf/FVibcyLWc1ksnq9ZRT7ACg9FpS
4JpBVvHE1TI3ZPkvgSPXuGA=
=g7Qt
-----END PGP SIGNATURE-----
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.15.30/1125 - Release Date: 11/11/2007
9:50 PM
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists