Home page logo

Nmap Announce mailing list archives

Re: Draft Convention on Cybercrime
From: Matt Marnell <coldfuzion () coldfuzion net>
Date: Sat, 03 Jun 2000 13:47:51 -0400

for all you who still don't see how nmap is banned in this treaty (and I don't blame you...it took a second look for me to catch it too), here is how it applies:

When you scan a system, you are accessing that system (whether you have permission or not). Now, nmap scans computer systems. "a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 – 5" When put into context, the treaty says that nmap is an illegal device if it's used "intentionally [to] access the whole or any part of a computer system without right." Basically, if you typed in the command to run nmap, then you ran it intentionally. And the entire "purpose" of nmap is to access computer systems (not breaking in, but by interacting with the various ports of the system), which defines it as an illegal device. One major problem with this treaty in its current shape is that it's entirely too vague. It can be argued that nmap is legal and it can be argued that nmap is not legal. The problem with this ambiguity is that ultimately, it can be used to prove that nmap is definitely illegal once ONE PERSON gets caught using nmap to scan some system before they break into it. That may not even need to happen for the witch hunt to begin. I know just as well as you know that nmap's sole purpose is not as a hacking tool, but because it can be used as such, it can be argued that it is a malicious utility. You need to realize that this treaty was not written by computer professionals or anyone with advanced knowledge of computers or the internet. It was written by beaurocrats from several countries throughout the world. They may think they are doing something right, but without the first-hand knowledge of what really goes on when a "cybercrime" is committed, they run the risk of taking too broad a perspective and trashing the good with the bad. Unfortunately, at this time, they have done just that. We should write them or something PEACEFUL to let them know that they need to redefine a few terms, and to be more specific. Any suggestions?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]