From those in Germany and UK, how is the new law impacting your plans to continue in this industry?
According to the UK Computer Misuse Act Police and Justice Act and the German Section 202c StGB, posession of tools like John, Kismet, KisMAC, Nessus, nmap, and the ability to Google effectively a crime.
http//
http//
Haven't blinked …
You shouldn't be running these tools against anyone without written permission from them anyway. Without this you've been liable to prosecution for years, with it, I don't see that you can be found guilty of any crime.
As for categorising tools - I can do as much, if not more damage with telnet than with nmap, but I'm hardly going to be done for posession … 😉
I personally would much rather see there being criminalisation of the posession of anti-forensic tools, maybe throw in strong encryption licensing while you are at it …
My humble opinion only though … -)
( I will still be running nmap, nessus, kismet, john the ripper, metasploit & more for some time to come … )
Haven't blinked …
You shouldn't be running these tools against anyone without written permission from them anyway. Without this you've been liable to prosecution for years, with it, I don't see that you can be found guilty of any crime.
Of course. You would be surprised how often we have to run it against ourselves, when one works in a large international conglomerate.
Problem is, according to these laws, posession - no matter of approval or not - is illegal, not just usage.
I think that at this point we have to put our faith in the justice system … 😉
. . . we have to put our faith in the justice system … 😉
Hmmm. That's a lot of faith to have Azrael, especially when the technical details are difficult at best. I certainly can't speak for the UK, but in the US judges aren't very tech savvy. The juries are even less so. I read a statistic that says the average education of a US juror is 8th grade (US). )
Fair enough - perhaps by "justice system" I mean that I hope that the Police won't waste their time attempting to prosecute me, doing my job, as opposed to chasing real criminals with these tools …
But I agree with your point Dennis, explaining that it is the same as a locksmith carrying lock-picking tools to help people get back into their houses, for some reason is beyond some people …
This has got me thinking - not so much about where I stand, or the tools I use, which are all Open Source - what is the legal position for ISS/IBM now, how can they sell their product ( "Internet Security Scanner" - a vulnerability scanner ) if posession of it is illegal ?
Is distribution a higher level of crime as with drugs etc. ?
If so, if I link to nmap from my website or host it for download where does this leave me ?
Also where does this leave me with respect to writing my own tools ?
Or, as I have done, enhancing tools for nmap ?
Is it more criminal to create a tool ?
😯
Hypothetically speaking if I were to do something wrong and I was caught by a government agency who used one of these 'banned' tools to catch me, could I say its illegal for them to use the tool and therefore my capture is unlawful?
I think it's close to universal that governments will exempt themselves from anything and everything imposed on it's residents/citizens. Not that I'm a cynic understand.
Hello. As I understand it, the Police & Criminal Justice act 2006 does not make the possession of these tools a crime unless there is intent to use them to commit a crime.
It is a crime to obtain, make, adapt, supply or offer to supply these tools with intent to commit an offence.
See section 3A subsections 1 - 3.