New to the mailing list, sorry if this is formatted improperly.

Does the 'intrusion software' category include open-source stuff like
Metasploit?

Also, how will this affect software security testing by private companies?
Many infosec consulting companies have in-house proprietary software for
pentesting.


On Wed, Jan 8, 2014 at 1:38 PM, <d...@geer.org> wrote:

>
> Keying off of one phrase alone,
>
>  > This combat is about far more than crypto...
>
> I suggest you immediately familiarize yourself with last month's
> changes to the Wassenaar Agreement, perhaps starting here:
>
>
> http://oti.newamerica.net/blogposts/2013/international_agreement_reached_controlling_export_of_mass_and_intrusive_surveillance
>
> Precis: Two new classes of export prohibited software:
>
> Intrusion software
>
>     "Software" specially designed or modified to avoid detection
>     by 'monitoring tools', or to defeat 'protective countermeasures',
>     of a computer or network capable device, and performing any of
>     the following:
>
>     a. The extraction of data or information, from a computer or
>     network capable device, or the modification of system or user
>     data; or
>
>     b. The modification of the standard execution path of a program
>     or process in order to allow the execution of externally provided
>     instructions.
>
> IP network surveillance systems
>
>     5. A. 1. j. IP network communications surveillance systems or
>     equipment, and specially designed components therefor, having
>     all of the following:
>
>     1. Performing all of the following on a carrier class IP network
>     (e.g., national grade IP backbone):
>
>     a. Analysis at the application layer (e.g., Layer 7 of Open
>     Systems Interconnection (OSI) model (ISO/IEC 7498-1));
>
>     b. Extraction of selected metadata and application content
>     (e.g., voice, video, messages, attachments); and
>
>     c. Indexing of extracted data; and
>
>     2. Being specially designed to carry out all of the following:
>
>     a. Execution of searches on the basis of 'hard selectors'; and
>
>     b. Mapping of the relational network of an individual or of a
>     group of people.
>
>
> All the same arguments that applied to exportation bans for crypto
> software apply here, especially that of pointlessness.
>
> --dan
>
> [ Software doesn't spy on people; people spy on people ]
>
> _______________________________________________
> cryptography mailing list
> cryptography@randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>