Open Source and information security mailing list archives
 
Date: Sat, 29 Nov 2008 17:07:29 -0800
From: "Some Guy Posting To Full Disclosure" <fd.leach@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Security industry software license

Just to summarise what's been said and what I think so we can get back
on topic, and conclude something:

No-one hacks using metasploit! Go back to 2003.
Terrorists with metasploit! What, do you have a picture in your head of
Mr. Jihad Bigbeard using metasploit to shut down a powergrid?

Reasons Why It's Hard to achieve:
 - It violates freedom.
 - It's hard to enforce without: invading privacy, expending too much
money/resources.
 - Most writers of these tools won't want to have to do this (most
writers of security tools are hackers, you know: back orifice, pinch,
exploit kits, phishing kits, malware creation kits, the entire contents
of milw0rm, bots, THC's Hydra... it goes on).
 - Geographical constraints. All governments doing the exact same
thing at the same time? Or one organisation forcing it onto the net
(with no power to put people in jail or anything).
 - You can't/shouldn't moderate the internet.

Reasons Why It's Pointlessly ineffective:
 - Piratebay.
 - People writing tools intended for hackers.
 - The massive number of tools that you'd have to moderate to be effective.
 - If not everything is a dangerous security tool then it's reduced in
effectiveness.
 - Most big hacks you see don't take many tools. Like a big database
being dumped with a browser/scripts.
 - You don't solve the problem, at all. Maybe reduce it a little.


Reasons Why It Wouldn't Happen:
 - Most developed western governments like to keep their 1984 "I'm
watching you" crap behind the curtains.
 - Most governments only do these things because something bad
happened and they have to make up a law to cover their asses, or
something bigger than your rapidshare passes is at stake.
 - I'd protest - I'd go to my country's (UK) capital and march in protest!

Reasons Why It Sucks:
 - It violates freedom (programs are intellectual property - you can't
do that kind of thing to them and call it nice).
 - It would ruin the internet and break a load of enthusiastic geeks' hearts.
 - It would force the underground hackers deeper underground.
 - It would discourage security professionals.

Pointless things that people mentioned that made them look like a
child in front of a shit load of subscribers:
 - Personal comments.
 - Attacks at the way someone writes something instead of what they write about.

Questions to think about/answer:
 - Would you deserve a license? Really? (me: NO!)
 - Would you wish you had one? (me: yeh!)
 - How many of the tools that'd be outlawed have you already written
an equivalent of? (me: loads).
 - If you had to outlaw things, would you outlaw tor? (me: I don't wanna!)


It's a silly idea.
Final Question:
 - Are we finished? Is it over? Is it established that it's a bad idea now?

-- 
I'm your best best friend.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
