Re: [Full-disclosure] n.runs AG puts §202 law to the test - Tools back online

2007-09-26 Thread gjgowey 
I can picture piles of cd's and hard drives being burned now.

Geoff

Sent from my BlackBerry wireless handheld.

-Original Message-
From: <[EMAIL PROTECTED]>

Date: Wed, 26 Sep 2007 12:29:52 
To:,<[EMAIL PROTECTED]>
Subject: Re: [Full-disclosure]
    n.runs AG puts §202 law to the
 test - Tools back online


Finally the Whitehat Holocaust begins!

Germany is great.

On Wed, 26 Sep 2007 07:52:21 -0400 Thierry Zoller 
<[EMAIL PROTECTED]> wrote:
>Dear List,
>You may or may not have noticed but a lot of German companies and
>researches have pulled their tools from their website in fear of 
>litigation.
>
>We are fed up with the ambiguity and confusion surrounding Germany
>controversial new anti-hacker law and n.runs AG decided to put the 
>law
>to the test, we reuploaded the BTCrack (Bluetooth Cracking tool) 
>and
>futhermore added a new Item, the source code to the Linux port for
>immediate download. [1]
>
>The law, which took effect Aug. 10, mandates fines or prison 
>sentences
>for any person who violates 202a or 202b "by providing access to,
>selling, acquiring, leaving at the disposition of someone, 
>distributing
>or otherwise making accessible" passwords or access control 
>information.
>It also outlaws computer programs whose purpose is solely 
>criminal.
>
>N.runs hopes its actions will encourage other German security 
>firms and
>researchers to put their security tools and research back online 
>as
>well. "The current confusion and uncertainty is affecting everyone
>around here," Jan Münther (CTO) says.
>
>"Germany is most certainly not becoming a safer place because of 
>these
>laws."
>
>
>More Information about the motivation behind this move and more 
>insight
>is available through Dark Reading :
>http://www.darkreading.com/document.asp?doc_id=134646&WT.svl=news1_
>2
>
>[1] http://www.nruns.com/_en/security_tools.php
>PS. The link know really points to a file...
>
>
>Regards,
>Thierry Zoller - Security Engineer
>Fingerprint 9180 F9C9 A0EF BDA3 C46A BFEB B149 0FE4 3AFC 9B09
>
>--
>n.runs AG
>Registergericht Bad Homburg v.d. Höhe, HRB 10399
>Nassauer Straße 60
>61440 Oberursel
>mobil +49 151 5500 2771
>phone +49 6171 699-0
>fax   +49 6171 699-199
>web   http://www.nruns.com
>
>Aufsichtsrat: Vorstand:
>Horst Marscholek (Vorsitzender) Andreas Bruns (Vorsitzender)
>Ulrich Caspar  Alexander Kersting  Donald Lee

--
Track employee hours, payroll, schedules and more!  Click here for more 
information.
http://tagline.hushmail.com/fc/Ioyw6h4dKTalY2KByYKBEtPhPCynUWZI9RmR8FhJ6XhzmWB4ilgIEw/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] n.runs AG puts §202 law to the test - Tools back online

2007-09-26 Thread gjgowey 
Right now I'm having flash backs of Joclyn elders (former American surgeon 
general under the Clinton administration) saying how "we need to make safer 
guns and safer bullets".  Gotta love how logic gets overrided by emotions when 
it comes to laws.

Geoff



Sent from my BlackBerry wireless handheld.

-Original Message-
From: "worried security" <[EMAIL PROTECTED]>

Date: Wed, 26 Sep 2007 17:37:38 
To:full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure]
n.runs AG puts §202 law to t
he test - Tools back online


On 9/26/07, Thierry Zoller <[EMAIL PROTECTED]  > 
wrote: -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Dear List,
You may or may not have noticed but a lot of German companies and 
researches have pulled their tools from their website in fear of litigation. 
  
 
I don't think it was necessary for folks scramble to remove existing tools. if 
you got arrested, you could show the police that your tool was uploaded to the 
server before the law was introduced. in short, folks should of been mass 
uploading as much code as they could before the law came into force on August 
10th, not removing it. 
  
If servers are still letting people download but the upload was done before 
August 10th, then it shouldn't count as a criminal act, even if the download is 
available after August 10th. Only uploads to servers should be illegal after 
August 10th, and why just go after folks hosting the tools, why not go after 
the folks downloading the tools too. 
  
In the bigger picture of things, its the folks downloading the tools who are 
the criminals, but how do you distribute those tools to legitimate researchers, 
who only want to progress the journey of explotiation development to safer the 
systems people want to compromise? 
  
not all downloaders are the criminal, so why target the host of the tools, when 
you can use your intelligence agency to monitor folks downloading tools from 
servers and watching what they do with them. 
  
it looks like the german intelligence services are trying to do a short cut by 
outlawing all cyber security research activity, than having control mechanisms 
in place to kick out the rogue researchers from the true researchers. 
  
i know a lot of people who are german, and i know the german mentallity, they 
have said *oh cyber security, this seems like non sense, we only want to 
concentrate on real life bomb intelligence services activity, to cut costs on 
monitoring cyber security legitimate research, lets outlaw it, so its far 
easier on our resources and is less costly for us*. 
  
germany, you need dedicated cyber security teams, germany you need to invest 
millions of money into cyber security. i'm sorry this whole internet thing and 
security is hard to come to terms with, but yeah, deal with it. 
  
undo your law, spend the millions of money you wish you could spend on other 
things. the internet is here to stay and without cyber security research, there 
won't be any cyber security in your country. 
  
and you wonder why china was able to break into your government systems, you'll 
never know if your dumb law has prevented a security researcher from speaking 
out against a vulnerability on your government networks. so the 
vulnerability was left unpatched and the chinese government used it to 
compromise your systems. 
  
have a nice day germany, 
  
n3td3v ___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] n.runs AG puts §202 law to the test - Tools back online

2007-09-26 Thread full-disclosure 
LOL I JUST WANT THE GERMAN GOVERNMENT TO STEP UP AND TREAT 
WHITEHATS LIKE THEY TREATED JEWS HISTORICALLY!!!  REMEMBER THE 
WORLD WAR TWO?

I LOVE GERMANY

On Wed, 26 Sep 2007 12:58:41 -0400 James Matthews 
<[EMAIL PROTECTED]> wrote:
>It is the equivalent of saying that people should stop making 
>defence
>technology because we don't have to have any more wars!
>
>On 9/26/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> 
>wrote:
>>
>> On Wed, 26 Sep 2007 09:44:13 PDT, James Matthews said:
>>
>> > Why isn't there a lobby against this!
>>
>> It's terribly hard to lobby something sensible, if the 
>legislator in
>> question
>> has bought into the "The Four Horsemen(*) of the Internet Must 
>Be Stopped"
>> meme.
>>
>> (*) Terrorists, drug dealers, child pornographers, and copyright
>> infringers.
>> Why all 4 are considered equally bad is beyond me...
>>
>>
>
>
>-- 
>http://www.goldwatches.com/mens/cufflinks.html
>http://www.jewelerslounge.com

--
Click here to save time and money by tracking employee attendance and time.  
http://tagline.hushmail.com/fc/Ioyw6h4dKTar0LtPstKcLyR0OB0c02xshNs9kQ7Eze6hvAJqIhpYsI/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] n.runs AG puts §202 law to the test - Tools back online

2007-09-26 Thread full-disclosure 
Finally the Whitehat Holocaust begins!

Germany is great.

On Wed, 26 Sep 2007 07:52:21 -0400 Thierry Zoller 
<[EMAIL PROTECTED]> wrote:
>Dear List,
>You may or may not have noticed but a lot of German companies and
>researches have pulled their tools from their website in fear of 
>litigation.
>
>We are fed up with the ambiguity and confusion surrounding Germany
>controversial new anti-hacker law and n.runs AG decided to put the 
>law
>to the test, we reuploaded the BTCrack (Bluetooth Cracking tool) 
>and
>futhermore added a new Item, the source code to the Linux port for
>immediate download. [1]
>
>The law, which took effect Aug. 10, mandates fines or prison 
>sentences
>for any person who violates 202a or 202b "by providing access to,
>selling, acquiring, leaving at the disposition of someone, 
>distributing
>or otherwise making accessible" passwords or access control 
>information.
>It also outlaws computer programs whose purpose is solely 
>criminal.
>
>N.runs hopes its actions will encourage other German security 
>firms and
>researchers to put their security tools and research back online 
>as
>well. "The current confusion and uncertainty is affecting everyone
>around here," Jan Münther (CTO) says.
>
>"Germany is most certainly not becoming a safer place because of 
>these
>laws."
>
>
>More Information about the motivation behind this move and more 
>insight
>is available through Dark Reading :
>http://www.darkreading.com/document.asp?doc_id=134646&WT.svl=news1_
>2
>
>[1] http://www.nruns.com/_en/security_tools.php
>PS. The link know really points to a file...
>
>
>Regards,
>Thierry Zoller - Security Engineer
>Fingerprint 9180 F9C9 A0EF BDA3 C46A BFEB B149 0FE4 3AFC 9B09
>
>--
>n.runs AG
>Registergericht Bad Homburg v.d. Höhe, HRB 10399
>Nassauer Straße 60
>61440 Oberursel
>mobil +49 151 5500 2771
>phone +49 6171 699-0
>fax   +49 6171 699-199
>web   http://www.nruns.com
>
>Aufsichtsrat: Vorstand:
>Horst Marscholek (Vorsitzender) Andreas Bruns (Vorsitzender)
>Ulrich Caspar  Alexander Kersting  Donald Lee

--
Track employee hours, payroll, schedules and more!  Click here for more 
information.
http://tagline.hushmail.com/fc/Ioyw6h4dKTalY2KByYKBEtPhPCynUWZI9RmR8FhJ6XhzmWB4ilgIEw/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] n.runs AG puts §202 law to the test - Tools back online

2007-09-26 Thread Thierry Zoller 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Dear List,
You may or may not have noticed but a lot of German companies and
researches have pulled their tools from their website in fear of litigation.

We are fed up with the ambiguity and confusion surrounding Germany
controversial new anti-hacker law and n.runs AG decided to put the law
to the test, we reuploaded the BTCrack (Bluetooth Cracking tool) and
futhermore added a new Item, the source code to the Linux port for
immediate download. [1]

The law, which took effect Aug. 10, mandates fines or prison sentences
for any person who violates 202a or 202b "by providing access to,
selling, acquiring, leaving at the disposition of someone, distributing
or otherwise making accessible" passwords or access control information.
It also outlaws computer programs whose purpose is solely criminal.

N.runs hopes its actions will encourage other German security firms and
researchers to put their security tools and research back online as
well. "The current confusion and uncertainty is affecting everyone
around here," Jan Münther (CTO) says.

"Germany is most certainly not becoming a safer place because of these
laws."


More Information about the motivation behind this move and more insight
is available through Dark Reading :
http://www.darkreading.com/document.asp?doc_id=134646&WT.svl=news1_2

[1] http://www.nruns.com/_en/security_tools.php
PS. The link know really points to a file...


Regards,
Thierry Zoller - Security Engineer
Fingerprint 9180 F9C9 A0EF BDA3 C46A BFEB B149 0FE4 3AFC 9B09

- --
n.runs AG
Registergericht Bad Homburg v.d. Höhe, HRB 10399
Nassauer Straße 60
61440 Oberursel
mobil +49 151 5500 2771
phone +49 6171 699-0
fax   +49 6171 699-199
web   http://www.nruns.com

Aufsichtsrat: Vorstand:
Horst Marscholek (Vorsitzender) Andreas Bruns (Vorsitzender)
Ulrich Caspar  Alexander Kersting  Donald Lee
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG+kf1sUkP5Dr8mwkRAo8YAJ9yI98SBxyFvUkGL0oZzqtLp5mP0wCcCD1i
N4/Hvvlb6godnpBjMbLxCp8=
=jgZb
-END PGP SIGNATURE-
begin:vcard
fn:Thierry Zoller
n:Zoller;Thierry
org:n.runs AG;Security
email;internet:[EMAIL PROTECTED]
title:Security Engineer
tel;work:+49 6171 699-0
tel;fax:+49 6171 699-199
tel;cell:+49 151 5500 2771 
x-mozilla-html:FALSE
version:2.1
end:vcard

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/