Right now I'm having flash backs of Joclyn elders (former American surgeon
general under the Clinton administration) saying how "we need to make safer
guns and safer bullets". Gotta love how logic gets overrided by emotions when
it comes to laws.
Geoff
Sent from my BlackBerry wireless handheld.
-----Original Message-----
From: "worried security" <[EMAIL PROTECTED]>
Date: Wed, 26 Sep 2007 17:37:38
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure]
n.runs AG puts §202 law to t
he test - Tools back online
On 9/26/07, Thierry Zoller <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >
wrote: -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear List,
You may or may not have noticed but a lot of German companies and
researches have pulled their tools from their website in fear of litigation.
I don't think it was necessary for folks scramble to remove existing tools. if
you got arrested, you could show the police that your tool was uploaded to the
server before the law was introduced. in short, folks should of been mass
uploading as much code as they could before the law came into force on August
10th, not removing it.
If servers are still letting people download but the upload was done before
August 10th, then it shouldn't count as a criminal act, even if the download is
available after August 10th. Only uploads to servers should be illegal after
August 10th, and why just go after folks hosting the tools, why not go after
the folks downloading the tools too.
In the bigger picture of things, its the folks downloading the tools who are
the criminals, but how do you distribute those tools to legitimate researchers,
who only want to progress the journey of explotiation development to safer the
systems people want to compromise?
not all downloaders are the criminal, so why target the host of the tools, when
you can use your intelligence agency to monitor folks downloading tools from
servers and watching what they do with them.
it looks like the german intelligence services are trying to do a short cut by
outlawing all cyber security research activity, than having control mechanisms
in place to kick out the rogue researchers from the true researchers.
i know a lot of people who are german, and i know the german mentallity, they
have said *oh cyber security, this seems like non sense, we only want to
concentrate on real life bomb intelligence services activity, to cut costs on
monitoring cyber security legitimate research, lets outlaw it, so its far
easier on our resources and is less costly for us*.
germany, you need dedicated cyber security teams, germany you need to invest
millions of money into cyber security. i'm sorry this whole internet thing and
security is hard to come to terms with, but yeah, deal with it.
undo your law, spend the millions of money you wish you could spend on other
things. the internet is here to stay and without cyber security research, there
won't be any cyber security in your country.
and you wonder why china was able to break into your government systems, you'll
never know if your dumb law has prevented a security researcher from speaking
out against a vulnerability on your government networks. so the
vulnerability was left unpatched and the chinese government used it to
compromise your systems.
have a nice day germany,
n3td3v _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
