Has anybody here read about the european cybercrime act? It distrubs me quite much to not have seen anything on slashdot and in this list about it. Do you no what impact this thing will have on our work? It will make our work nearly impossible by making it illegal to use tools like nmap, nessus, statan under ANY circumstances. This thing will become a LAW within the next few weeks (probably months). It has got that far that there is only one voting left to make it a law, and there is nobody there who knows a thing about security and privacy and they will harm ALL of us. Regards Jochen P.S.: The draft is located here http://stars.coe.int/doc/doc01/EDOC9031.htm
Old data but still usefull prolly: http://www.securityportal.com/lasg/logging/ Psionic Logcheck Psionic Logcheck will go through the messages file (and others) on a regular basis (invoked via crontab usually) and email out a report of any suspicious activity. It is easily configurable with several 'classes' of items, active penetration attempts which is screams about immediately, bad activity, and activity to be ignored (for example DNS server statistics or SSH rekeying). Psionic Logcheck is available from: http://www.psionic.com/abacus/logcheck/. colorlogs colorlogs will color code log files allowing you to easily spot suspicious activity. Based on a config file it looks for keywords and colors the lines (red, cyan, etc.), it takes input from STDIN so you can use it to review log files quickly (by using "cat", "tail" or other utilities to feed the log file through the program). You can get it at: http://www.resentment.org/projects/colorlogs/. WOTS WOTS collects log files from multiple sources and will generate reports or take action based on what you tell it to do. WOTS looks for regular expressions you define and then executes the commands you list (mail a report, sound an alert, etc.). WOTS requires you have Perl installed and is available from: http://www.vcpc.univie.ac.at/~tc/tools/. swatch swatch is very similar to WOTS, and the log files configuration is very similar. You can download swatch from: ftp://ftp.stanford.edu/general/security-tools/swatch/. there's others to but I need to update that page. Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
Hi, On 27-Apr-01 jochen mader wrote:
Has anybody here read about the european cybercrime act? It distrubs me quite much to not have seen anything on slashdot and in this list about it. Do you no what impact this thing will have on our work? It will make our work nearly impossible by making it illegal to use tools like nmap, nessus, statan under ANY circumstances.
Some months ago I covered this issue (in suse-security and bugtraq) and expressed my feelings against the new cybercrime draft convention (together with lots of concerned admins, security personell and other interested parties). Unfortunately, it seems that the EU is not willing to withdraw this overwhelmingly stupid convention, so it will probably be introduced. The convention itself does not represent some kind of "law", it basically is a framework for the members of the EU to implement nationwide anti-cybercrime legislation themselves. The EU correctly rates cybercrime as a serious threat to the net community and to companies doing business over the internet, but they did not consult any experts or security professionals to compile their convention. This lack of expert advise is clearly recogniseable if you read through the current version of this paper. If you are paranoid enough and browse through recent news stories about network security and incident handling, you may have turned up some documents covering certain issues discussed by top spooks at the NSA about gouvernmental access to traffic- and user data via dedicated sniffing devices ("lil' Echelons"). These devices would be installed in ISP networks and peers, and would collect any data worth of interest. As the EU cybercrime convention deals with this covert access in some paragraphs it may not be invalid to deduce that this will be the starting point of some kind of a global wiretapping network between national intelligence groups. As the convention itself can not be stopped anymore we should try to influence the local EU gouvernments/members towards a more sophisticated approach to the whole cybercrime thing. After all, we should give it a try.
This thing will become a LAW within the next few weeks (probably months). It has got that far that there is only one voting left to make it a law, and there is nobody there who knows a thing about security and privacy and they will harm ALL of us.
Regards Jochen
P.S.: The draft is located here http://stars.coe.int/doc/doc01/EDOC9031.htm [...]
Yow, --- Boris Lorenz <bolo@lupa.de> System Security Admin *nix - *nux ---
Hi, here in Austria (and probably in Germany too) we have a data protection law that makes most logfiles illegal. Only data necessary for billing and technical aspects my be logged. So I act illegal like every other ISP and internet related company. The prosecution authorities seem to cooperate with the ISPA (ISP Association) in a questionable and probably illegal way. (The ISPA was funded after the prosecution authorities shut down an ISP in an illegal way) There are evidences, that members of the ISPA gave information in an illegal context to investigation authorities that lead to the arrest to criminals like virus/worm authors and such. The politicians seem not to care about ISPs or the (independent) internet at all, in fact the former telephony monopolist has strong support from the gouvernment and that has not changed, even after a new political party became a member of the gouvernment. So they had no problem establishing laws that take all the ISP/inernet related companies out of bussines and transfer the customers to the former monopolist. I will keep my logs and give acces to them only upon a judges order in the context of a lawsuit. Of course I have my siutcase packed to be ready to leave the country fast ;). After all, the current documents in relation to the ETSI publications seem to indicate they are targeted against backbone equippment to provide user profiles (for now). The words of the documents if transferred to local laws unchanged will open easy ways to "real time" onlinen access requrements to logfiles. In that case I have to transfer my servers to somewhere outside the EU, because I cannot pay the additional transfercost (given that the per MB cost are relative high here). From teh technical point of view I could duplicate the logfiles, one with access of the law enforcment agencies, one without. mike
On Friday 27 April 2001 22:12, you wrote:
Hi,
here in Austria (and probably in Germany too) we have a data protection law that makes most logfiles illegal. Only data necessary for billing and technical aspects my be logged. So I act illegal like every other ISP and internet related company. Jip, the same in Germany, the probleme is a simple one: EU-law breaks country law (hope it's the right word). Just another remark: parts of this cybercrime act are in opposition to the German constitution
The prosecution authorities seem to cooperate with the ISPA (ISP Association) in a questionable and probably illegal way. (The ISPA was funded after the prosecution authorities shut down an ISP in an illegal way) There are evidences, that members of the ISPA gave information in an illegal context to investigation authorities that lead to the arrest to criminals like virus/worm authors and such.
Ever heard about another lawinitiative in Germany 'Der große Lauschangriff' this thing gave the allowance to the authorities to do the things they have been doing illegaly for the last years. An interesting thing is that the organisations who are the biggest supporters of the cybercrime act are the police and secret agencies. "snip"
After all, the current documents in relation to the ETSI publications seem to indicate they are targeted against backbone equippment to provide user profiles (for now). The words of the documents if transferred to local laws unchanged will open easy ways to "real time" onlinen access requrements to logfiles. In that case I have to transfer my servers to somewhere outside the EU, because I cannot pay the additional transfercost (given that the per MB cost are relative high here). From teh technical point of view I could duplicate the logfiles, one with access of the law enforcment agencies, one without.
mike
:-) Regards Jochen
hello, i don't know what you can do. Looks like those ppl are out of their minds as usual. if you really want to be on the right side of the law, then you can get a shell a/c on a friendly US/Asian server and then use it. Slow, but then worth it. But how the hell can you scan your internal network, that needs it the most ? regards omicron On Fri, 27 Apr 2001, jochen mader wrote:
Has anybody here read about the european cybercrime act? It distrubs me quite much to not have seen anything on slashdot and in this list about it. Do you no what impact this thing will have on our work? It will make our work nearly impossible by making it illegal to use tools like nmap, nessus, statan under ANY circumstances. This thing will become a LAW within the next few weeks (probably months). It has got that far that there is only one voting left to make it a law, and there is nobody there who knows a thing about security and privacy and they will harm ALL of us.
Regards Jochen
P.S.: The draft is located here http://stars.coe.int/doc/doc01/EDOC9031.htm
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- ****** omicron Mail:omicron@omicron.dyndns.org (Sridhar N) www:omicron.symonds.net pubkeys:omicron.symonds.net/pubkeys C O G I T O E R G O S U M ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
participants (5)
-
Boris Lorenz -
jochen mader -
Kurt Seifried -
omicron -
Thomas Michael Wanka