Date: Sat, 5 Apr 2014 00:59:57 +0200
From: Volker Tanger <vtlists@...e.de>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Legality of Open Source Tools

Greetings!

> I believe Germany passed a law about exploits and/or "security
> tools".    [...]   I *believe* it is taken pretty seriously in
> Germany though.

Of course it's taken seriously here in Germany.
We take EVERYTHING seriously.
;-)

The law (§202c StGB) and its application already have been evaluated in
court - after a German computer magazine publisher reported itself for
such an offence (by offering downloads for nmap etc.)

It only is illegal to program, distribute, own, ... programs that are 
EXPLICITLY designed to commit a(n actual) criminal offence with it. 
Dual-use tools are lacking the law's "designed for an actual crime"
requirement.

Thus the banking-trojan is illegal - the PoC of its infection vector
not, even if it calls the same bank's web page.  

According to governmental papers (DRS 17/10379 of 24.07.2012) even the
DDoS tool LOIC is not clearly enough falling under this singular-purpose
requirement and thus usually considered dual-use and thus not illegal.


Having a disclaimer explicitly stating the "for educational or research
purposes only" design won't hurt, though, as it will derail the
exclusively-for-crime requirement - even if only "officially". 

Bye

Volker


PS:
IANAL, thus ask your own lawyer, of course.



-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@...e.de                    PGP Fingerprint
5F25 AF01 D104 70E0 539A  3575 05F9 F616 BBE2 192C


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
