Full Disclosure mailing list archives
Re: Standing Up Against German Laws - Project HayNeedle
From: "Sysman" <sysman () vsnl com>
Date: Tue, 13 Nov 2007 17:28:49 +0530
Paul, 1. As I understand, the monitoring is not as wide as you described. 2. Even if, it is there, it is for Public good. It is to protect you against terrorism. Yes, this amounts to big brother is watching, but many times, that is essential. Remember USA 9/11/2001, London 7/7/2006, India (many many incidents). Have trust in your government. I believe, German government machinery is reasonable efficient and honest. If communication transactions are logged, what is the harm? In case of any incident, how will the government investigate? If you are a security professional, don't you advise your client for all this like audit logs etc. 3. Even if, you need to protest, please do. This is your right. But, this is not the way to protest. Even if you say that technically you are not breaking any law, the difference between you and a law breaker is very thin. If you want to protect, use democratic methods. Write about it in print media. Use electronic media to mobilise opinion. Create Blogs. Send e-mails. Lobby with MPs (members of Bundestag). If your ideas will appeal to people, many will raise voice. Ultimately, law is manifestation of social aspirations for social good. As I understand, Germany (Deutschland) is a vibrant democracy and not a dictatorship or oppressive state. Further, ask the background - why this law was necessary? In a democracy, laws are made after careful and well defined process. Ask for the details of the process. 4. If you can cite some incidents of misuse / oppression by the government machinery of any other law, you can quote that in venting your feelings / opinion. This is my personal opinion. You are free to take your own decision. Even if, you may curse me, I have no problem. You and me both live in functional and vibrant democracies. Both are counted amongst top 5 democracies in the world. I feel, it is my democratic right to express my opinion, even if you do not subscribe to it. I am from India. We have been victims of many terrorist attacks. I can say that if state is watching the traffic (net, phone, road, human, etc.) for public good with honesty, it is good for public. Further, you said "This is madness for various apparent reasons". I fail to understand - what are the various apparent reasons? can you describe a few of these apparent reasons. Regards, Rakesh Goyal AMIE (IE, Gold Medalist), PGDM (IIM-B, Gold Medalist), CISA, CISM CEng, CMC, CCCI, CFE, FIE, MIEng, MIInst W, MIMC, MIIIE, FISM Managing Director, Sysman Computers (P) Ltd., and Director-General, Centre for Research and Prevention of Computer Crimes, Sion, Mumbai 400 022 Phone : +91-99672-48000 / 99672-47000 e-mail : sysman () sysman in & rakesh () sysman in url : http://www.sysman.in and http://www.sysman.co.in (Sysman has been empanelled as (a) IS Auditors under IT Act-2000 to audit PKI (2001-2007) AND (b) as IS Security Auditor by CERT-In (Govt. of India) (2004-2009) AND Sysman is Associate Consultant to British Standards Institution to implement BS7799 / ISO17799 / ISO 27001 ISMS). _____ Author of books - 1. Computer Crimes - Concept, Control and Prevention (Published in 1993). 2. Bank Computerisation (Published in 1996). 3. Digital Signature - All you want to know about it, but don't know whom to ask! (Published in 2004). 4. Demystifying Information Technology Act - 2000 (Published in 2005). 5. Sankat Mochan Yojana (Published in 2005) - can be downloaded from www.sysman.in <http://www.sysman.in> . 6. Publisher of Case Studies in Information Security (Published in 2002). *********************************** The information in this email is confidential, and intended solely for the addressee. Access to this email by anyone else is unauthorized. Any copying or further distribution beyond the original recipient is not intended, and may be unlawful. _____ -----Original Message----- From: Paul Sebastian Ziegler [mailto:psz () observed de] Sent: Saturday, November 10, 2007 10:59 PM To: bugtraq () securityfocus com; full-disclosure Subject: Standing Up Against German Laws - Project HayNeedle -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear Infosec community, as most of you may have heard the German government passed a law today that will lead to all connections being logged for 6 months. This includes phone calls as well as all internet connections. This is madness for various apparent reasons. In times like these it is necessary to stand up against it. Of course not by committing crimes but by attacking the flawed logic behind those laws itself. There are many approaches to this. And I am sure (and I really hope) that there will be many more taken. This is just one approach that came to my mind today. Introducing Project HayNeedle. A tiny spider-like program written in C# that will create connection sessions on it's own thus trying to create plausible deniablility. It runs within the .NET framework and was tested on Linux and Windows XP. If it runs on your OS, drop me a line, if it doesn't send me a report. It should run on almost any OS supporting Mono. The mechanism is quite easy: It searches Google for random words and picks random pages among the results, then spiders from there (well it is spidering except that it only follows one URL at a time within a session thus simulating a user). A long description of the idea behind it and the technique as well as downloads of the sourcecode and binary can be found here (English and German version): http://observed.de/?entnum=126 Project HayNeedle is released under the GPLv2. So any form of patches, ideas and constructive criticism is welcome. However for the sake of everyones nerves I will not reply to any sort of aggressive and/or flaming mails. Many Greetings Paul Sebastian Ziegler -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHNepUaHrXRd80sY8RCqprAKC/8EVMf/FVibcyLWc1ksnq9ZRT7ACg9FpS 4JpBVvHE1TI3ZPkvgSPXuGA= =g7Qt -----END PGP SIGNATURE----- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.15.30/1125 - Release Date: 11/11/2007 9:50 PM _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Standing Up Against German Laws - Project HayNeedle Paul Sebastian Ziegler (Nov 10)
- Re: Standing Up Against German Laws - Project HayNeedle Nico Golde (Nov 10)
- Re: Standing Up Against German Laws - Project HayNeedle Paul Sebastian Ziegler (Nov 10)
- Re: Standing Up Against German Laws - ProjectHayNeedle nate . mcfeters (Nov 10)
- Re: Standing Up Against German Laws - ProjectHayNeedle Paul Sebastian Ziegler (Nov 10)
- Re: Standing Up Against German Laws - Project HayNeedle Jan Newger (Nov 12)
- Re: Standing Up Against German Laws - Project HayNeedle johan beisser (Nov 12)
- Re: Standing Up Against German Laws - Project HayNeedle Sysman (Nov 13)
- Re: Standing Up Against German Laws - Project HayNeedle Valdis . Kletnieks (Nov 13)
- Re: Standing Up Against German Laws - Project HayNeedle Timo Schoeler (Nov 13)
- Re: Standing Up Against German Laws - Project HayNeedle Florian Streck (Nov 14)
- Re: Standing Up Against German Laws - Project HayNeedle sysman (Nov 14)
- <Possible follow-ups>
- Re: Standing Up Against German Laws - Project HayNeedle LT (Nov 10)
- Re: Standing Up Against German Laws - Project HayNeedle Paul Sebastian Ziegler (Nov 10)
- Re: Standing Up Against German Laws - Project HayNeedle Vincent Archer (Nov 12)
- Re: Standing Up Against German Laws - Project HayNeedle Paul Sebastian Ziegler (Nov 13)
- Re: Standing Up Against German Laws - Project HayNeedle Sysman (Nov 14)
- Re: Standing Up Against German Laws - Project HayNeedle Timo Schoeler (Nov 15)
- Re: Standing Up Against German Laws - Project HayNeedle Sysman (Nov 14)
(Thread continues...)
- Re: Standing Up Against German Laws - Project HayNeedle Nico Golde (Nov 10)