Message-ID: <E1WWCap-00014R-VG@elasmtp-kukur.atl.sa.earthlink.net>
Date: Fri, 04 Apr 2014 18:29:33 -0400
From: John Young <jya@...eline.com>
To: "Brunner, Mark" <Mark.Brunner@...okfield.com>, fulldisclosure@...lists.org
Subject: Re: [FD] Legality of Open Source Tools

Would you suggest it is time to license security professionals like
architects, engineers, doctors and others lawfully empowered to
police hazardous systems in the public interest?

A code of security industry standards, like building and health
codes, might then be needed to assure compliance by requiring
preparation and publicly filing security system documents for
review by officials and, if satisfactory, issuing a permit to install the
systems, then official inspection of them after installation, then
periodic inspections thereafter to assure the systems remain
safe and secure.

Professional liability insurance would be required to protect
the client, along with mandatory continuing education to renew
licensure.

Disastrous security failures might then lead to prosecution for
malpractice, loss of license, jail, fines and banning to philosophizing
about security risks at well-paying conferences, and at the very best,
a lucrative position with official or corporate regulators to oversee
the security industry, occasional lectures at universities and spy
agencies at home and abroad, even lifetime achievement prizes,
hell, why not a Nobel.

Damn fine idea, this just might put security above used car
sales as a profession, at last topping politicians.

Btw, is "security architect" a legal use of the term architect?

At 03:18 PM 4/4/2014, you wrote:
>Real people can die if you move the right 
>electrons attached to say life support systems 
>in buildings, water treatment plants, hydro 
>electric dams, and power stations.  Real people 
>will be affected if you manipulate electrons 
>associated with banking, investing and finance.
>
>Mark
>
>
>
>Mark Brunner
>Security Architect
>
>
>Brookfield Corporate Operations
>eArchitecture and Enterprise Information Security
>1 Adelaide Street East, Suite 1400, Toronto, ON M5C 2V9
>T 416.649.8206, F 416.649.8245
>Mark.Brunner@...okfield.com
>
>
>
>View important disclosures and information about 
>our e-mail policies  http://www.brookfield.com/emaildisclaimer.
>
>-----Original Message-----
>From: Fulldisclosure 
>[mailto:fulldisclosure-bounces@...lists.org] On Behalf Of Andres Riancho
>Sent: Friday, April 04, 2014 2:57 PM
>To: Not EcksKaySeeDee
>Cc: fulldisclosure@...lists.org
>Subject: Re: [FD] Legality of Open Source Tools
>
>Software is SO different to a gun... you can't really compare them.
>Real people will die in most cases when a gun is 
>misused, only electrons are disturbed (in the 
>great majority of cases) if you misuse a hacking tool.
>
>On Fri, Apr 4, 2014 at 3:50 PM, Not 
>EcksKaySeeDee <noteckskayseedee@...il.com> wrote:
> > Re: Use of a disclaimer on these sort of tools (i.e., those that can
> > harm and/or be used for good).
> >
> > Wonder if any gun dealer applied something similar in their shop, or
> > for that matter, in a hardware store under the hammer section.
> >
> >
> > On Fri, Apr 4, 2014 at 2:29 PM, Andres Riancho
> > <andres.riancho@...il.com>
> > wrote:
> >>
> >> Hi. As w3af's project leader I've not received any legal threats over
> >> the seven years this project has been alive.
> >>
> >> Only a couple of months ago, and just to be sure, I added this
> >> disclaimer which users need to accept to run the tool.
> >>
> >> DISCLAIMER = """Usage of w3af for sending any traffic to a target
> >> without prior mutual consent is illegal. It is the end user's
> >> responsibility to  obey all applicable local, state and federal laws.
> >> Developers assume no liability  and are not responsible for any
> >> misuse or damage caused by this program."""
> >>
> >> On Fri, Apr 4, 2014 at 7:58 AM, Bryan Bickford
> >> <bryan@...wildhats.com>
> >> wrote:
> >> > Greetings
> >> >
> >> > I am a security researcher who is working on a project in my free
> >> > time, without going into details - the project will end with a
> >> > powerful tool being publicly released.
> >> >
> >> > Obviously most cyber security tools have the potential for abuse.
> >> > What sort of legal hurdles (if any) do you need to overcome to
> >> > protect yourself when releasing software along the lines of
> >> > metasploit?
> >> >
> >> > _______________________________________________
> >> > Sent through the Full Disclosure mailing list
> >> > http://nmap.org/mailman/listinfo/fulldisclosure
> >> > Web Archives & RSS: http://seclists.org/fulldisclosure/
> >>
> >>
> >>
> >> --
> >> Andrés Riancho
> >> Project Leader at w3af - http://w3af.org/ Web Application Attack and
> >> Audit Framework
> >> Twitter: @w3af
> >> GPG: 0x93C344F3
> >>
> >
> >
>
>
>
>--
>Andrés Riancho
>Project Leader at w3af - http://w3af.org/ Web 
>Application Attack and Audit Framework
>Twitter: @w3af
>GPG: 0x93C344F3
>


