On Sunday 16 November 2008 03:42:28 am Marcus Meissner wrote: ...
nmap, nessus, wireshark can be explained as debugging tools, they do not actually intrude on systems.
Metasploit with its ready made intrusion exploits is definitely a "hacker tool" under the new german law, so we cannot include it.
It is the same as the difference between knives and hammers. It is more psychological than actual. You can be arrested in the restaurant as a guest for having sharp, pointy knife (kitchen, bowie, doesn't matter), but not for having hammer. While it is easier to explain why you have knife, than hammer, historically sharp, pointy knives were used to kill more often than hammers, and that reflects in the law. Both are just tools. How they would be used decides user, not a tool. What makes the difference is how those tools were used in the past in the particular situation. In above example even cook having kitchen knife in lunch room is not considered normal. While any mentioned tool is, or should be, part of a computer security toolbox, without knowing user intentions, past activity of the user makes the difference. The problem with a new law is that you have no way to acquire license to have those tools, like with a guns. Security expert, trainee in security field, network administrator, company that is probing security of customer network, should have right to have them legally, just as people handling money, private investigators, hunters can have guns. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org