Mailinglist Archive: opensuse-security (26 mails)

[Marcus Meissner <meissner@xxxxxxx>]

On Sun, Nov 16, 2008 at 09:08:02AM -0600, Rajko M. wrote:
> On Sunday 16 November 2008 03:42:28 am Marcus Meissner wrote:
> ...
> > nmap, nessus, wireshark can be explained as debugging tools, they do
> > not actually intrude on systems.
> >
> > Metasploit with its ready made intrusion exploits is definitely a
> > "hacker tool" under the new german law, so we cannot include it.
>
> It is the same as the difference between knives and hammers. 
> It is more psychological than actual.  
>
> You can be arrested in the restaurant as a guest for having sharp, pointy 
> knife (kitchen, bowie, doesn't matter), but not for having hammer. While it 
> is easier to explain why you have knife, than hammer, historically sharp, 
> pointy knives were used to kill more often than hammers, and that reflects in 
> the law. 
>
> Both are just tools. How they would be used decides user, not a tool. 
> What makes the difference is how those tools were used in the past in the 
> particular situation. In above example even cook having kitchen knife in 
> lunch room is not considered normal. 
>
> While any mentioned tool is, or should be, part of a computer security 
> toolbox, without knowing user intentions, past activity of the user makes the 
> difference. 
>
> The problem with a new law is that you have no way to acquire license to have 
> those tools, like with a guns. Security expert, trainee in security field, 
> network administrator, company that is probing security of customer network, 
> should have right to have them legally, just as people handling money, 
> private investigators, hunters can have guns. 

Well, do not tell that us, tell it to the german government. ;)

We and various groups tried in various ways as the govt agreed to this
law, but failed.

Ciao, Marcus
-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx