mailing list archives
Criminalisation of security tools
From: juan at reverselabs.com (Juan Aurelio Naranjo)
Date: Tue, 27 Mar 2007 20:03:42 +0100
I know this does not make sense but the Britain's anti-hacking law may make
a person guilty for use security tools. According to The Register:
"The new Act will make a person guilty of an offence 'if he supplies or
offers to supply any article believing that it is likely to be used to
commit, or to assist in the commission of, [a hacking offence]'. The word
'article' is defined in the Act to include 'any program or data held in
electronic form'. Some software tools commonly used by IT security
professionals can also be used for malicious purposes, making the new
legislation a cause for concern. This applies particularly to dual use tools
Juan A. Naranjo
From: Joerg Weber [mailto:packetshinobi at googlemail.com]
Sent: 27 March 2007 19:37
To: framework at metasploit.com
Subject: Re: [framework] Criminalisation of security tools
Germany has a law in the pipeline doing what's described below indeed.
I dunno wether it's of any use for you but if it's helpful I'll dig
out some articles. They'll be in German, so you'd have to babelish 'em
but in essence they'll explain that german legislation is about to do
exactly that. It has cause quite a stir inside the IT Security
Community, so wether the proposal will actually become a law remains
to be seen.
It's amazing enough that nonsense like that even gets considered these
days as serious proposals.
2007/3/27, 0x90 at hushmail.com <0x90 at hushmail.com>:
Framework 3.0 release is all over the news. I came across
http://www.heise-security.co.uk/news/87442 and what I found
interesting is the last paragraph that states:
"However, recent amendments to information security legislation,
which include the criminalisation of the manufacture, provision,
distribution or procurement of hacker tools will make the use of
tools such as Metasploit problematic. It could even become unlawful
to perform internal tests to check the security of your system or
to check whether vendor patches really fix vulnerabilities as
Going back to typical "Security through obscurity" approach?
Anyway, I never heard about such legislation. If true, which
state(s) will adopt it? Anyone has more info?
PS: HD Moore, thank you very much for such a great tool.
Click to lower your debt and consolidate your monthly expenses