Date: Thu, 20 Sep 2007 15:28:14 +0200 From: Dirk Wetter <dirk.wetter@...etter.org> To: john-users@...ts.openwall.com Subject: Re: Complaint filed vs. german gov-agency for distributing jtr -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi Tom, On 19.09.2007 08:38, thomas springer wrote: > There were quite a lot of sensible people protesting, but government > said, the goal is not to sue security-experts, but hackers. But the > wording of the law speaks clearly another language. The usage-of-the-tools-section (202a/b) sounds to me better than the tools section itself (202c). There's the word "unbefugt" (unauthorised) in 202a/b w My 2 Euros: That should have been more clear. This was also said by politicians of the government party in the conciliation committee. The tool-section is the one which is the one which is not comprehensible to me and which scared German hacker^Wsecurity tools provider (FX, kismac, PoC of PHP bugs=Stefan Esser) away. > There were no court-orders or known filed complaints because of 202c StGB yet. > > German online-magazine tecchannel.de is trying to get clarity about > the new law and filed a complaint (9/14/07) against the german > government-agency "Federal Office for Information Security (BSI, see > http://www.bsi.de/english/index.htm) for distributing John the Ripper > on one of its CDs and linking to a page (http://www.openwall.com) > where users can download the tool. They are referring to BOSS. The story behind it is that BSI did ~2 years back a public invitation to tender. GOal was to provide an easy to use Open Source-based toolkit, more for junior admins, in order to check their IT infrastructure for security holes. Also included is Nessus v2 on both versions of the CD amongst other tools which are except the sniffer tools according to p202c not as "dangerous". > A screenshot of the complaint is here: > http://images.tecchannel.de/images/tecchannel/bdb/361100/361109/B83CB84F13B738958633FFED96A57C1A_800x600.jpg > The article (german only, sorry) here: > http://www.tecchannel.de/sicherheit/grundlagen/1729025/ thanks a bunch for the hint! That is in fact a great manoeuvre :-) and has some irony in it: BSI, service provider for federal IT, a goverment agency, is a subsidiary from the BMI, the ministry of interior. Driving force for passing the law through the German instances was the ministry of justice, BMJ ;-) > I'm rather interested in this case, for i still distribute and use JtR > and i creditet myself in the compiled the Windows-Binarys available > from www.openwall.com. Drop me a note if this is noteworthy enough to > keep you posted about the outcome. Why just don't post it to the list? The outcome certainly will provide the needed legal certainty, one way or the other! Cheers, Dirk - -- Dirk Wetter @ Dr. Wetter IT-Consulting http://drwetter.org Beratung IT-Sicherheit + Open Source Key fingerprint = 2AD6 BE0F 9863 C82D 21B3 64E5 C967 34D8 11B7 C62F - - Found core file older than 7 days: /usr/share/man/man5/core.5.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREDAAYFAkbydW4ACgkQyWc02BG3xi89XgCeOczT+VncOVSiCRyw2bCM3f5X a9UAoJe1gKERwaqlMcOUJyg1glb7JPXl =e1Ou -----END PGP SIGNATURE----- -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ