| Recent
Articles |
Decision Management And E-Prescribing
Bill over at the Wireless MD had a couple of interesting posts on e-prescribing - Senatorial bi-partisan support for e-prescribing and Caveats for e-prescribing. The use of technology to improve healthcare is an endlessly fascinating discussion and the use of information...
New Data Retention Laws in Germany
Last week, Germany’s ruling parties – a coalition of SPD & CDU, with efforts in the digital area recently spearheaded by minister of interior Wolfgang. Schäuble (pictured) – passed a bill for new data retention laws*. Wolfgang Schauble With this law in place, people...
Government Websites Must Focus
Government websites must specialise and deliver better services to specific audiences, not try to be everything to everybody. A number of years ago, I did some work with a department of education. It was reviewing its web strategy and had come to a decision. In its new...
Shop.org Lobbies Against Ecommerce Taxes
Shop.org has been lobbying members of the U.S. Senate on behalf of online retailers to support a permanent extension of the ban against multiple taxes on ecommerce. The Senate Commerce Committee will consider a permanent Internet tax moratorium...
When Spies Do Search
The Central Intelligence Agency launched CIA Wire, a service that will help users of the Library of National Intelligence sift through available information from participating agencies. The Iraq war and the 9/11 terrorist attacks have been the most recent...
|
|
|
|
01.03.08
Security In The UK Could Be Set Back By Decades
 By Dan Morrill
In what could be a bad day for United Kingdom pen testers, stress testers, and other systems security folks, the UK is getting ready to ban the creation
and distribution of tools that could be used by hackers.
This generally unpleasant concept could make it not only impossible to create the next nessus or nmap by anyone in the UK, it could also send them to jail for distributing the tools they make as well.
This ought to set back UK computer security by decades.
The distinctions between, for example, a password cracker and a password recovery tool, or a utility designed to run denial of service attacks and one designed to stress-test a network, are subtle. The problem is that anything from nmap through wireshark to perl can be used for both legitimate and illicit purposes, in much the same way that a hammer can be used for putting up shelving or breaking into a car. Source: Register
This should be quickly tested in the UK courts, the minute the ink is wet on the paper kind of legal testing.
There are multiple programs, perl, c++, shell scripts in C, and other programs and tools that are made by people to do things.
Dual use tools are tools that can be used for both good and evil. It will be difficult to determine the intent of the tool developer unless they leave behind incriminating e-mails saying the tool was created to rip off millions of people.
Any form of distribution would also be included in the statutes, meaning the mere
act of sharing a tool w.0ith your security friends could be bad for you continued
security 4career.
This is generally bad, and will hamper legitimate security workers and researchers.
The state of the security industry in the UK is now dead.
The hackers will win this one unfortunately, and there seems to be no way to stop this kind of legislation short of a court testing of its legitimacy.
Comments
About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
|
