Security Basics mailing list archives
RE: application for an employment
From: "Craig Wright" <cwright () bdosyd com au>
Date: Sun, 2 Apr 2006 08:24:13 +1000
Hi
The European Convention on Cybercrime was adopted by the Minister Committee of the European Council on November 8,
2001. It was signed by Germany and other member states of the European Council. It is, however, yet to be ratified in
Germany. This does not change the status of the bill.
The Bill is open to horizontal action and an individual in Germany (or any other member state) could take the issue to
the European court of justice to force the German Govt. to enforce the provisions. A person from any other member state
could also enforce this against action from an individual in other member states. This does not help with action
to/from non-member states.
In particular; Article 6: Misuse of devices/possession and misuse of systems and tools that are suitable for carrying
out an action as in Article 2-5.
This article does not, however, refer to the unauthorized use of security tools that are used for protective purposes,
such as penetration tests when authorised. However - this does forclude general use of the said tools without explicit
authorization.
The fact that the German courts in 2000 dismissed a case based on port scanning as the CLCA did not have provisions for
use of the tools used for port-scanning is irrelivant due to the signing of the convention in 2001.
As for access to any web server, Sec. 3 ZKDSG [prohibition of commercial intervention to circumvent access control
services] covers this.
Sec. 3 ZKDSG [prohibition of commercial intervention to circumvent access control services]: “1.) The production,
import and distribution of circumvention facilities for commercial purposes, 2.) the possession, technical
installation, maintenance and exchange of circumvention facilities for commercial purposes and 3.) the promotion of
circumvention facilities are prohibited.”
An access-controlled service is, for example, a password-protected WWW or FTP server. The purpose of a penetration test
is to circumvent an existing security mechanism. This means that as soon as tools are used to perform the penetration
test (circumvention facilities), an infringement of the ZKDSG is unavoidable. Thus it is advisable to obtain the
relevant permission from the authorized user in case of any acts that could constitute a criminal offense.
There is an exclusion for valid testing services. This requires the express authorisation of the site owner in writing.
I suggest that you have a read of the Treaty on European Union i.e. the Maastricht Treaty
Also read the Single European Act (SEA) 1987
The directives on rights
Article I-33 of the constitution for Europe
Craig
PS doubt is never a qualification
PPS I hate looking up German law.
See -
Grundgesetz, Artricle 18 in respect to artilce 14 on property rights.
See
Gesetz zum Schutz vor Mißbrauch personenbezogener Daten bei der Datenverarbeitung
20 December 20, 1990 (BGBl.I 1990 S.2954), as amended by the law of 14 September, 1994 (BGBl. I S. 2325)
See S.43
Telekommunikationsgesetz (Telecommunications Act), see provisions under s.5
“The amended Data Protection Act of 1990 is also intended to protect the individual from having his personal rights
infringed upon”
-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net]
Sent: Sun 2/04/2006 7:26 AM
To: Craig Wright
Cc:
Subject: Re: application for an employment
On 2006-04-02 Craig Wright wrote:
> Actually on a little research I suggest that you being German as you
> have stated check the records associated with the Bundesgerichtshof.
What decision exactly does IYHO support your claims. I am not aware of
any.
> You will find that most of your views on rights and property are wrong
> in Germany even.
I seriously doubt that. And I'm quite sure that my doubt (especially in
this case) is one hell of a lot more qualified than your claim.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within
those States and Territories of Australia where such legislation exists.
DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.
Any views expressed in this message are those of the individual sender. You may not rely on this message as advice
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by
a Partner of BDO.
BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference,
interception, corruption or unauthorised access.
Current thread:
- Re: application for an employment, (continued)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Raoul Armfield (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)
- RE: application for an employment Ramsdell, Scott (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 05)
- RE: application for an employment John E. Fleming (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 05)
- RE: application for an employment onowlin (Apr 03)
- RE: application for an employment Craddock, Larry (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 03)
- Re: application for an employment c.s.wright (Apr 04)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)
- Message not available
- Re: Port scanning/illegalities Ansgar -59cobalt- Wiechers (Apr 05)
- RE: Port scanning/illegalities Ramsdell, Scott (Apr 06)
- Re: Port scanning/illegalities Ansgar -59cobalt- Wiechers (Apr 06)
- Re: Port scanning/illegalities Jeffrey F. Bloss (Apr 07)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)
- RE: application for an employment Kurt Reimer (Apr 06)
