Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Hackers: Re: Draft Convention on Cybercrime

Re: Draft Convention on Cybercrime

From: Matt Marnell <coldfuzion_at_coldfuzion.net>
Date: Sat, 03 Jun 2000 13:47:51 -0400

for all you who still don't see how nmap is banned in this treaty (and I
don't blame you...it took a second look for me to catch it too), here is
how it applies:

When you scan a system, you are accessing that system (whether you have
permission or not). Now, nmap scans computer systems.
"a device, including a computer program, designed or adapted [specifically]
[primarily] [particularly] for the purpose of committing any of the
offences established in accordance with Article 2 – 5"
When put into context, the treaty says that nmap is an illegal device if
it's used
"intentionally [to] access the whole or any part of a computer system
without right."
Basically, if you typed in the command to run nmap, then you ran it
intentionally. And the entire "purpose" of nmap is to access computer
systems (not breaking in, but by interacting with the various ports of the
system), which defines it as an illegal device.
One major problem with this treaty in its current shape is that it's
entirely too vague. It can be argued that nmap is legal and it can be
argued that nmap is not legal. The problem with this ambiguity is that
ultimately, it can be used to prove that nmap is definitely illegal once
ONE PERSON gets caught using nmap to scan some system before they break
into it. That may not even need to happen for the witch hunt to begin. I
know just as well as you know that nmap's sole purpose is not as a hacking
tool, but because it can be used as such, it can be argued that it is a
malicious utility.
You need to realize that this treaty was not written by computer
professionals or anyone with advanced knowledge of computers or the
internet. It was written by beaurocrats from several countries throughout
the world. They may think they are doing something right, but without the
first-hand knowledge of what really goes on when a "cybercrime" is
committed, they run the risk of taking too broad a perspective and trashing
the good with the bad. Unfortunately, at this time, they have done just
that. We should write them or something PEACEFUL to let them know that
they need to redefine a few terms, and to be more specific. Any suggestions?
Received on Jun 03 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos