Mailinglist Archive: opensuse-security (471 mails)

RE: [suse-security] UE draft on cybercrime
Hi2all

It's nice to see that some people here share my concerns about this. Like
software, laws have holes, so laws about software usually have 'the best' of
both worlds. I did have some interesting 'issues' in my life about this, but
this is not the point, this is just a kind of justification for my
interest in the issue.

<bolo@xxxxxxx> said:
> This draft is horribly incomplete, opens possibly dangerous legislative
> backdoors and generally is no good basis for further discussion/legislation
> in the area of computer security. What the makers of this draft don't want
> to understand is that even the most strict laws are nonsense if the person
> you want to hit with this law can not be found out. And we all know how
> difficult it is to trace a hacker or even get a general idea where he or she
> was coming from when he or she attacks several hosts.

Danger #1: If they are not sure if the suspect is the right suspect, since
he had 'illegal' software, he is a defendant anyway (and the witch hunt
will start right here).

> Some may say that it's a good thing to prohibit and/or illegalize the
> production of trojan programs like back orifice or netbus which are clearly
> programmed to cause trouble and to overtake foreign systems, but where do
> they stop? Do they (the european council) really intend to prohibit security
> apps like nmap, sniffit or the like? Are they up to lay the power of network
> security investigations in the hands of big companies who are able to prove
> (with lots of bakshish) that they are using their security tools
> "according the law"?

Danger #2: If a 'certified' vendor makes the tool, it's legal. If a private
team makes a tool of the same kind (sometimes better), it's illegal (we have
seen this before, haven't we?)

> The whole draft convention reads like a NSA paper in certain parts,
> specially where speech turns to collection and archiving of traffic data.
> I don't want to spread the fear of the "big brother", but I for myself would
> be much more alert and subversive if this convention turns into reality -
> and that is what most criminal elements will do, too; the real bad boys know
> how to protect themselves of being caught, regardless whether there are
> renewed laws or not.

Danger #3: Again, the small fish is in trouble while the big fish will be
out of danger.

<oldenburg@xxxxxxxxxxxx> said:

> Any chance this legislation could be MS sponsored? Who is actually the
> brainchild of this draconian document? Somehow I just cannot see some old
> MEP in Brussels formulating this for obvious reasons.

Today I listened to a local 'economist' guru saying that what will happen in
the future will be worldwide corps sponsoring and choosing governments. I
suppose MS is big enough for that; the sponsorship is just not clear, if it
exists anyway, but who knows? I don't know, but I'll not even be surprised.

There was an issue that was not public, the 128-bit upgrade of IE, that was
supposed not to be available outside the US and Canada. The fact was that it
was available worldwide, under a simple condition. Then they changed their
policy and let local authorities handle that. Probably now, they luv to see
'proper' laws approved...

<listuser@xxxxxxxxxxxx> said:

> I would say it is when it'll make things like nmap and tcpdump illegal. Of
> course once the treaty passes there is still a large window before countries
> pass laws to actually implement it, but this treaty scares the bejezus out
> of me, lists like Linux-Security will also be illegal, and vendor advisories
> that show how to exploit a problem would also be illegal (my interpretation
> might be wrong, but the way the treaty is going ..... ).

Law Hole #1: All laws that the UE approves must be regulated in each country.
Before that it just continues to be a draft.

Law Hole #2: They say there will be exceptions to the law, like for legal
system administrators, so I just have to create an enterprise about Security
Consulting, and all staff will be 'legal'. And I will not have to pay
salaries, people will pay me for having a job :>

Final note about other mails regarding the Microsoft hack: passwords from
their servers were always travelling around the globe, now that was public
;)
(I'm afraid to say that only now they have discovered that)

[ ]'s bacano