[opensuse-project] Does this mean OpenSUSE will be dropping Wireshark?
From an announcement of Arstechnica at http://tinyurl.com/2yjqoq
Does this mean OpenSUSE, SLES etc. - which I understand has a lot of engineering force in Germany - will have to drop products like Wireshark? Jim -- Jim Pye PyeNet Universal http://www.pyenet.co.nz --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Fri, Jun 01, 2007 at 09:20:15AM +1200, Jim Pye wrote:
From an announcement of Arstechnica at http://tinyurl.com/2yjqoq
Does this mean OpenSUSE, SLES etc. - which I understand has a lot of engineering force in Germany - will have to drop products like Wireshark?
Wireshark is not really a intrusion helper tool. Aircrack-NG would be more of one. And the law is _not_ final, it has to be ratified by the "Bundesrat" first, which the latter might not do. And if this law conflicts with EU law it might get overturned even then. Our legal guys are looking at it and we will see what happens. So far we adopt a "wait and see" attitude. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Thursday 31 May 2007 16:30, Marcus Meissner wrote:
And the law is _not_ final, it has to be ratified by the "Bundesrat" first, which the latter might not do.
And if this law conflicts with EU law it might get overturned even then. hi from usa,
I have question: Is the Bundesrat the equivalent of US Senate--- or UK House of Lords? I am seeing articles that say the law was approved a year ago, and finally adopted this week. How does the "bill" process work in Germany? Does the provision go into a Bundesrat committee now, or does it go to the floor for discussion and vote? Will the international lobby play into this any? Sounds like nmap will soon be verboten. Mit freundlichen Grüßen, -- Kind regards, M Harris <>< --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Thursday 31 May 2007 16:51, M Harris wrote:
I am seeing articles that say the law was approved a year ago, and finally adopted this week.
Like this article which states the law has been passed, but does not mention the Bundesrat: http://arstechnica.com/news.ars/post/20070528-germany-adopts-anti-hacker-law... How long till "final" form? Also, who actually makes the distinctions that Randall is talking about... or is this something that must be sorted out much later in the courts? -- Kind regards, M Harris <>< --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On May 31, 07 23:30:06 +0200, Marcus Meissner wrote:
On Fri, Jun 01, 2007 at 09:20:15AM +1200, Jim Pye wrote:
From an announcement of Arstechnica at http://tinyurl.com/2yjqoq
Does this mean OpenSUSE, SLES etc. - which I understand has a lot of engineering force in Germany - will have to drop products like Wireshark?
Wireshark is not really a intrusion helper tool.
Aircrack-NG would be more of one.
Aircrack! Right. I shall throw aircrack into the discussion with legal. Could anybody think of a 'legal' use of aircrack?
And the law is _not_ final, it has to be ratified by the "Bundesrat" first, which the latter might not do.
Right. It is still time to unroll some transparents and march towards Berlin! :-)
Our legal guys are looking at it and we will see what happens.
Our current working hypothesis is, that this law only makes sense, if we assume its wording is sloppy. It makes sense if it actually meant to adress those tools whose *only* use is an illegal use.
So far we adopt a "wait and see" attitude.
Right. Our juristic system apparently slowly turns into a case law system. We are more and more unable to interpret german law reliably. This is very sad. IANAL, luckily. cheers, Jw. -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@suse.de wide open suse_/ _---|____________\/ \ | 0911 74053-508 (tm)__/ (____/ /\ (/) | __________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) "Oral agreements are worth about as much as the paper they are written on." --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Hello, Juergen Weigert wrote:
Aircrack-NG would be more of one.
Aircrack! Right. I shall throw aircrack into the discussion with legal. Could anybody think of a 'legal' use of aircrack?
Yes, if it worked with my Intel wifi, I would use it to test the security my own wireless network. I have noname (Planet) AP with a confusing web interface. I can only be sure, that my network is secure and not mis configured, if I can't break it. I think, that a preventive security test of my own network should be legal, just as using nmap against my own machines. Bye, CzP --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Juergen Weigert escribió:
Aircrack! Right. I shall throw aircrack into the discussion with legal. Could anybody think of a 'legal' use of aircrack?
Of course, testing my own wifi network security.. that's absolutely legal ,) ps. I suspect someday law will forbid my kitchen's knifes because they can potentially be used to kill my neighboard in case they annoy me, and then I will need to be back to the old and good Paleolithic times *g* =)
http://lists.opensuse.org/opensuse/2007-05/msg02500.html Please dont use "attention whore" subjects... You could have made it more to the point and informative than that.... On 5/31/07, Jim Pye <jim.pye@pyenet.co.nz> wrote:
From an announcement of Arstechnica at http://tinyurl.com/2yjqoq
Does this mean OpenSUSE, SLES etc. - which I understand has a lot of engineering force in Germany - will have to drop products like Wireshark?
Jim -- Jim Pye PyeNet Universal
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Thursday 31 May 2007 14:20, Jim Pye wrote:
From an announcement of Arstechnica at http://tinyurl.com/2yjqoq
Does this mean OpenSUSE, SLES etc. - which I understand has a lot of engineering force in Germany - will have to drop products like Wireshark?
The topic of this law (not yet in force, if I understood what was written on the openSUSE list) came up in the last couple of days. Wireshark is a passive analyzer / sniffer, right? If so, then I wouldn't think it would come under the provisions of this law. However, other code included in any comprehensive Linux distribution presumably would. Even if Wireshark can synthesize and transmit packets, it doesn't really generate the kind of traffic that could constitute a probe of a host's vulnerabilities? Or does it? I've only used it a little and in fairly simple ways. Anyway, see the openSUSE list topic "opensuse repositories now illegal in Germany" which began on 2007-05-28 at 1:24 PDT (GMT - 7).
Jim
Randall Schulz --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2007-05-31 at 14:35 -0700, Randall R Schulz wrote:
Wireshark is a passive analyzer / sniffer, right? If so, then I wouldn't think it would come under the provisions of this law.
Mmmm... It could be used to sniff passwords going in clear on a network, or sniffing private data like email being sent/received, and use that info to tailor a social engineering attack. Yep, wait and see... we can only idle-talk. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGX1ORtTMYHG2NR9URAl1WAJ9TeTR2M7KxVMce2jrr7FhTgmEyTQCcCNVW dmoV9wD0oUtk9DwXXlWZZLM= =6iBr -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Thursday 31 May 2007 16:00, Carlos E. R. wrote:
The Thursday 2007-05-31 at 14:35 -0700, Randall R Schulz wrote:
Wireshark is a passive analyzer / sniffer, right? If so, then I wouldn't think it would come under the provisions of this law.
Mmmm...
It could be used to sniff passwords going in clear on a network,
Well, if people are asking to have their passwords stolen, then they should be accommodated. In the U.S., at least in certain contexts, one has to demonstrate an effort to protect some kind of property before one is entitled to the protection of the law when that property is lands in another's hands.
or sniffing private data like email being sent/received, and use that info to tailor a social engineering attack.
Yep, wait and see... we can only idle-talk.
The most fun kind of talk, right? Randall Schulz --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2007-05-31 at 16:17 -0700, Randall R Schulz wrote:
Mmmm...
It could be used to sniff passwords going in clear on a network,
Well, if people are asking to have their passwords stolen, then they should be accommodated.
Well... there are many common protocols in frequent use that send sensitive info in clear: email is the main one. Most of the pop3 servers I use require password in clear, for instance; then, even if the password is encrypted, the payload is not. The smtp protocol does the same. Then there is http: many pages login do not use https. Some use it, then the webmail behind is in clear. And those are not under our control, we are just users (mostly).
In the U.S., at least in certain contexts, one has to demonstrate an effort to protect some kind of property before one is entitled to the protection of the law when that property is lands in another's hands.
Interesting. I remember being told that stolen cars were not really stolen, because they were properties left unattended on the street, for anyone to take away. They don't get the same protection from the law as a TV inside a house.
or sniffing private data like email being sent/received, and use that info to tailor a social engineering attack.
Yep, wait and see... we can only idle-talk.
The most fun kind of talk, right?
O:-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGX+metTMYHG2NR9URAkuAAJ4vOnTjjXw3+iq0Al68VVU3+cPbPQCfVcQ2 CKogctKa0bkxvPIR8z9pZyk= =Qc0C -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2007-05-31 at 16:17 -0700, Randall R Schulz wrote: [OT branch, humour + security ]
It could be used to sniff passwords going in clear on a network,
Well, if people are asking to have their passwords stolen, then they should be accommodated.
I forgot. Have a look and laugh: Neighbours stealing your Internet? Have fun <http://blogs.techrepublic.com.com/networking/?p=255&tag=nl.e138> <http://www.ex-parrot.com/~pete/upside-down-ternet.html> - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGX+qwtTMYHG2NR9URAiOBAJ0bmWcvBGn8UriWjRo+ZnoK2b+O0QCeNHuW Aeh+F9x8/Nyz5OWm7qdveIs= =9SBl -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
participants (9)
-
Carlos E. R. -
Cristian Rodriguez R. -
Druid -
Jim Pye -
Juergen Weigert -
M Harris -
Marcus Meissner -
Peter Czanik -
Randall R Schulz