[opensuse-security] Re: [opensuse-buildservice] Metasploit and same type of packages
Hello Adrian, OK I won't upload it. It's a pitty that Germany doesn't allow sniff and security test tools any more. I hope the law will change. Regards, Joop. On Freitag 07 November 2008 15:47:14 Joop Boonen wrote:
People of (open)SuSE/Novell @security,
I have a question. I would like to build a package for metasploit in the buildservice. As metasploit is controversial for for some people. As it's seen as a hack tool, but it's also a tool tool demonstrate vulnerabilities and to do exploit tests on code and security testing.
Important I'm NOT building the package for people to exploit systems that they are not authorised to. I'm also against this.
I wonder if it's ok to build such a package in respect to legal issues and openSuSE/Novell policy.
I do not know the tool, but your description sounds like it is illegal in germany according to the new laws from this year.
So I am sorry, please do not upload this to our servers (since Build Service is located in germany).
bye adrian
--
Adrian Schroeter SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) email: adrian@suse.de
-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Mon, Nov 10, 2008 at 02:23:00PM +0100, Joop Boonen wrote:
Hello Adrian,
OK I won't upload it. It's a pitty that Germany doesn't allow sniff and security test tools any more.
I hope the law will change.
There is a wide range of security test tools... nmap, nessus, wireshark can be explained as debugging tools, they do not actually intrude on systems. Metasploit with its ready made intrusion exploits is definitely a "hacker tool" under the new german law, so we cannot include it. (Its installation is not hard though, so the expert/admin will have not much trouble installing it himself from source.) Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Sunday 16 November 2008 03:42:28 am Marcus Meissner wrote: ...
nmap, nessus, wireshark can be explained as debugging tools, they do not actually intrude on systems.
Metasploit with its ready made intrusion exploits is definitely a "hacker tool" under the new german law, so we cannot include it.
It is the same as the difference between knives and hammers. It is more psychological than actual. You can be arrested in the restaurant as a guest for having sharp, pointy knife (kitchen, bowie, doesn't matter), but not for having hammer. While it is easier to explain why you have knife, than hammer, historically sharp, pointy knives were used to kill more often than hammers, and that reflects in the law. Both are just tools. How they would be used decides user, not a tool. What makes the difference is how those tools were used in the past in the particular situation. In above example even cook having kitchen knife in lunch room is not considered normal. While any mentioned tool is, or should be, part of a computer security toolbox, without knowing user intentions, past activity of the user makes the difference. The problem with a new law is that you have no way to acquire license to have those tools, like with a guns. Security expert, trainee in security field, network administrator, company that is probing security of customer network, should have right to have them legally, just as people handling money, private investigators, hunters can have guns. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Sun, Nov 16, 2008 at 09:08:02AM -0600, Rajko M. wrote:
On Sunday 16 November 2008 03:42:28 am Marcus Meissner wrote: ...
nmap, nessus, wireshark can be explained as debugging tools, they do not actually intrude on systems.
Metasploit with its ready made intrusion exploits is definitely a "hacker tool" under the new german law, so we cannot include it.
It is the same as the difference between knives and hammers. It is more psychological than actual.
You can be arrested in the restaurant as a guest for having sharp, pointy knife (kitchen, bowie, doesn't matter), but not for having hammer. While it is easier to explain why you have knife, than hammer, historically sharp, pointy knives were used to kill more often than hammers, and that reflects in the law.
Both are just tools. How they would be used decides user, not a tool. What makes the difference is how those tools were used in the past in the particular situation. In above example even cook having kitchen knife in lunch room is not considered normal.
While any mentioned tool is, or should be, part of a computer security toolbox, without knowing user intentions, past activity of the user makes the difference.
The problem with a new law is that you have no way to acquire license to have those tools, like with a guns. Security expert, trainee in security field, network administrator, company that is probing security of customer network, should have right to have them legally, just as people handling money, private investigators, hunters can have guns.
Well, do not tell that us, tell it to the german government. ;) We and various groups tried in various ways as the govt agreed to this law, but failed. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Monday 17 November 2008 06:16:28 am Marcus Meissner wrote:
Well, do not tell that us, tell it to the german government. ;)
We and various groups tried in various ways as the govt agreed to this law, but failed.
I know, but I couldn't suppress need for rant. So far I recall, it is so broadly defined that even web browser shouldn't exist as it can be used to break in other computers. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (3)
-
Joop Boonen -
Marcus Meissner -
Rajko M.