No more security problems or what?

16/08/2007 Written by Jakub Maslowski

hackerGer­many is the first one of Euro­pean coun­tries, where very strict rules have been intro­duced, rules that will (atleast this is the opin­ion of gov­ern­ment) pre­vent hack­ing. Anti-​hacking law says now, that cre­at­ing or pos­s­e­sion of tools related to secu­rity that could poten­tially be used in attacks, is now forbidden.

Amend­ment of this law defines clearly that also Denial of Ser­vice attacks and tar­get­ting sin­gle hosts/​targets are offence to it. “Hacker” — per­son who com­mits seri­ous breach can now be sen­tenced to up to 10 years in prison. Con­tro­ver­sion — that word describes quite good, what is now in head of Ger­many secu­rity pro­fes­sion­als, who are not sure, if they are allowed to do their job. For exam­ple, cre­ation or pos­s­e­sion of tools that could be used in more then one way.

So, tools designed to test net­works are not legal since you could use them in DoS attack, or how about pass­words reminders and crack­ers? How about effec­tive Google usage? The fact is, that every secu­rity com­pany is doing ille­gal activ­i­ties, when check­ing secu­rity using for exam­ple port scan­ners or vul­ner­a­bil­ity scan­ners. It seems, that Ger­man gov­ern­ment missed the mean­ing of IT security.

Secu­rity con­sul­tants would like to see some changes made, fol­low­ing UK’s Com­puter Mis­use Act, that cleared sit­u­a­tion in Great Britain.

Many groups that were involved into secu­rity are remov­ing stuff related to that “anti-​hacking” law, like “The Hacker’s Choice” (http://​www​.thc​.org/), or even mov­ing to Nether­land, like cre­ators of KisMAC (tool used to scan net­works) did.

But con­sider, what is “tool that can be used in hack­ing”? Is it your browser (that can be actu­ally used for web appli­ca­tion hack­ing tasks)? Or sim­plier — com­mand line (in Win­dows) or ter­mi­nal con­sole (in Linux)…telnet… notepad, vi…? Because some­times no other tools are needed to breach into weak systems.

Chaos Com­puter Club (respected hack­ing group in Ger­many) resumed this sit­u­a­tion: “seems that Ger­man pol­i­tics decided their coun­try is free of secu­rity problems”.

So, will everone in secu­rity indus­try drop, what they were doing or it will move to undeground?

Share this content: