Re: [FD] Legality of Open Source Tools

2014-04-07 Thread Daniel Wood
Toni,

The English version has this information in Chapter 38; I didn't find it in 
Chapter 34. 

The key to all this is the language of intent, using verbiage such as 
aggravated, unlawful, and to cause detriment. This is the same as the 
United States and many other countries; if you don't have the intention to 
cause harm, it can be argued as a lack of 'mens rea' which is Latin for guilty 
mind. In order for it to be considered a crime (legally speaking at least in 
the United States) you need that key component with the actual act of 
committing the crime (known as 'actus reus'). 

I'm not saying that Finland or any other country is the same as the United 
States, but having studied Criminal Law, I do know that many countries have 
similar code on the books.

If you're truly concerned, I would write or speak to your court representative 
for clarification. 

Daniel

 On Apr 5, 2014, at 6:23 AM, Toni Korpela ad...@xorfork.com wrote:
 
 Greetings from Finland.
 
 I know that here it is illegal to import, manufacture, sell
 or otherwise distribute such machine or software which
 are designed to endanger or harm information and
 communication systems.
 
 This is stated in chapter 34 § 9a. Then again § 9b states
 that it is illegal to possess machine, software and access
 information into systems which you can use to endanger
 or harm information and communication
 systems.
 
 Basically this means that I am not allowed to have ping,
 nmap or other networking / penetration testing tools
 which can be used for harm installed on my computer.
 Though I am not certain if any of these computer
 security laws have been used to penalize someone.
 
 I am not certain if penetration testing tools belong to
 the category of tools which are designed to endanger
 or harm information and communication systems.
 
 It's quite harsh if I could get fines or maximum of 2 years jail
 for having Linux distribution with some networking tools
 installed on my computer.
 
 -Toni
 
 ___
 Sent through the Full Disclosure mailing list
 http://nmap.org/mailman/listinfo/fulldisclosure
 Web Archives  RSS: http://seclists.org/fulldisclosure/


Re: [FD] Legality of Open Source Tools

2014-04-04 Thread Brandon Perry
If I recall correctly, version 1 of metasploit actually had exploits for
*live* sites (a bank) and things, so that is obviously an issue. I don't
even think you will find a copy of the first version of metasploit (does HD
have one locked up somewhere, who knows).

Currently, metasploit is a hammer. People kill other people with hammers,
but they build substantially more things than people killed.

I think you need to define what sort of legal troubles you expect with open
source projects. CFAA-type legal troubles, or licensing (GPL vs MIT/BSD)
legal troubles.

Pretty sure source code is considered free speech. So I don't think you can
be held accountable for source code that you release *that you wrote
yourself*.



On Fri, Apr 4, 2014 at 5:58 AM, Bryan Bickford br...@unhwildhats.com wrote:

 Greetings

 I am a security researcher who is working on a project in my free time,
 without going into details - the project will end with a powerful tool
 being publicly released.

 Obviously most cyber security tools have the potential for abuse. What sort
 of legal hurdles (if any) do you need to overcome to protect yourself when
 releasing software along the lines of metasploit?





-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
