Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 20 Sep 2007 15:28:14 +0200
From: Dirk Wetter <dirk.wetter@...etter.org>
To:  john-users@...ts.openwall.com
Subject: Re: Complaint filed vs. german gov-agency for distributing
 jtr

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


Hi Tom,


On 19.09.2007 08:38, thomas springer wrote:

> There were quite a lot of sensible people protesting, but government
> said, the goal is not to sue security-experts, but hackers. But the
> wording of the law speaks clearly another language.

The usage-of-the-tools-section (202a/b) sounds to me better than the tools
section itself (202c). There's the word "unbefugt" (unauthorised) in 202a/b
w My 2 Euros: That should have been more clear. This was also said by
politicians of the government party in the conciliation committee.

The tool-section is the one which is the one which is not comprehensible
to me and which scared German hacker^Wsecurity tools provider
(FX, kismac, PoC of PHP bugs=Stefan Esser) away.

> There were no court-orders or known filed complaints because of 202c StGB yet.
> 
> German online-magazine tecchannel.de is trying to get clarity about
> the new law and filed a complaint (9/14/07) against the german
> government-agency "Federal Office for Information Security (BSI, see
> http://www.bsi.de/english/index.htm) for distributing John the Ripper
> on one of its CDs and linking to a page (http://www.openwall.com)
> where users can download the tool.

They are referring to BOSS. The story behind it is that BSI did ~2 years
back a public invitation to tender. GOal was to provide an easy to use Open
Source-based toolkit, more for junior admins, in order to check their IT
infrastructure for security holes. Also included is Nessus v2 on both
versions of the CD amongst other tools which are except the sniffer tools
according to p202c not as "dangerous".

> A screenshot of the complaint is here:
> http://images.tecchannel.de/images/tecchannel/bdb/361100/361109/B83CB84F13B738958633FFED96A57C1A_800x600.jpg
> The article (german only, sorry) here:
> http://www.tecchannel.de/sicherheit/grundlagen/1729025/

thanks a bunch for the hint! That is in fact a great manoeuvre :-)
and has some irony in it: BSI, service provider for federal IT,
a goverment agency, is a subsidiary from the BMI, the ministry of interior.
 Driving force for passing the law through the German instances was the
ministry of justice, BMJ ;-)

> I'm rather interested in this case, for i still distribute and use JtR
> and i creditet myself in the compiled the Windows-Binarys available
> from www.openwall.com. Drop me a note if this is noteworthy enough to
> keep you posted about the outcome.

Why just don't post it to the list?

The outcome certainly will provide the needed legal certainty, one way
or the other!


Cheers,
	Dirk



- --
Dirk Wetter @ Dr. Wetter IT-Consulting          http://drwetter.org
Beratung IT-Sicherheit + Open Source
Key fingerprint = 2AD6 BE0F 9863 C82D 21B3  64E5 C967 34D8 11B7 C62F

- -
Found core file older than 7 days: /usr/share/man/man5/core.5.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREDAAYFAkbydW4ACgkQyWc02BG3xi89XgCeOczT+VncOVSiCRyw2bCM3f5X
a9UAoJe1gKERwaqlMcOUJyg1glb7JPXl
=e1Ou
-----END PGP SIGNATURE-----

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.