Date: Fri, 4 Apr 2014 21:05:14 +0200
From: Ryan Dewhurst <ryandewhurst@...il.com>
To: Andres Riancho <andres.riancho@...il.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Legality of Open Source Tools

I believe Germany passed a law about exploits and/or "security tools". Also
in the UK, some of the amendments to the CMA have a statement about
distributing "articles" which some believe also includes software. I don't
know of any case in the UK though where someone has gotten into trouble
with this. I *believe* it is taken pretty seriously in Germany though.

Having released a few Open Source tools myself, I can confirm that I've
never had a legal threat of this nature. Although adding a disclaimer like
Andres's is a wise move.


On Fri, Apr 4, 2014 at 8:56 PM, Andres Riancho <andres.riancho@...il.com> wrote:

> Software is SO different to a gun... you can't really compare them.
> Real people will die in most cases when a gun is misused, only
> electrons are disturbed (in the great majority of cases) if you misuse
> a hacking tool.
>
> On Fri, Apr 4, 2014 at 3:50 PM, Not EcksKaySeeDee
> <noteckskayseedee@...il.com> wrote:
> > Re: Use of a disclaimer on these sort of tools (i.e., those that can harm
> > and/or be used for good).
> >
> > Wonder if any gun dealer applied something similar in their shop, or for
> > that matter, in a hardware store under the hammer section.
> >
> >
> > On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho <andres.riancho@...il.com> wrote:
> >>
> >> Hi. As w3af's project leader I've not received any legal threats over
> >> the seven years this project has been alive.
> >>
> >> Only a couple of months ago, and just to be sure, I added this
> >> disclaimer which users need to accept to run the tool.
> >>
> >> DISCLAIMER = """Usage of w3af for sending any traffic to a target
> >>  without prior mutual consent is illegal. It is the end user's responsibility to
> >>  obey all applicable local, state and federal laws. Developers assume no liability
> >>  and are not responsible for any misuse or damage caused by this program."""
> >>
> >> On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford <bryan@...wildhats.com>
> >> wrote:
> >> > Greetings
> >> >
> >> > I am a security researcher who is working on a project in my free time,
> >> > without going into details - the project will end with a powerful tool
> >> > being publicly released.
> >> >
> >> > Obviously most cyber security tools have the potential for abuse. What sort
> >> > of legal hurdles (if any) do you need to overcome to protect yourself when
> >> > releasing software along the lines of metasploit?
> >> >
> >> > _______________________________________________
> >> > Sent through the Full Disclosure mailing list
> >> > http://nmap.org/mailman/listinfo/fulldisclosure
> >> > Web Archives & RSS: http://seclists.org/fulldisclosure/
> >>
> >>
> >>
> >> --
> >> Andrés Riancho
> >> Project Leader at w3af - http://w3af.org/
> >> Web Application Attack and Audit Framework
> >> Twitter: @w3af
> >> GPG: 0x93C344F3
> >
> >
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
