funsec mailing list archives

Re: This isn't just me that thinks this is a really bad idea is it??

From: "David Lodge" <dave () cirt net>
Date: Sat, 28 Jan 2006 18:08:37 -0000

On Fri, 27 Jan 2006 14:04:24 -0000, Xyberpix <xyberpix () xyberpix com> wrote:

http://www.theregister.co.uk/2006/01/26/uk_computer_crime_revamp/

Sort of, if you read the text of the act, it synchronises the CMA with theact (sorry can't remember the name) used to prosecute for "Going equipped"- which you may be charged under for carrying tools that may be used tocommit a crime (e.g. lock picks or even a hammer!) if there is reasonablesuspicion of intent.

The golden word here is "intent" which is all through the CMA. This willcause its own problems - how does one prove the intent, how does one provethat the person knew that what they were doing was wrong?

Hence I can see more disclaimers about "this tool should only be used forlicenced purposes". For pen testers we'll just have to make sure that wehave documented approval for the pen test (I already get this now).

Now, the problems with the act: (3) In this section “article” includes anyprogram or data held in electronic form.

Is so ambiguous as it could include an article on how to use nmap, or evencould cover the telnet utility.


Second:

(1) A person is guilty of an offence if he makes, adapts, supplies oroffers to supply any article -(a) knowing that it is designed or adapted for use in the course of or inconnection with an offence under section 1 or 3; or(b) intending it to be used to commit, or to assist in the commission of,an offence under section 1 or 3

Which contains the same ambiguity, especially with section (a) which couldcause any basic network tool (e.g. telnet or even ping (as it can be usedto cause a DoS))

Badly written law by people who don't understand technology and understandthe security field even less.

I strongly suggest that UK readers should write to their MP about it(though I've little hope in this, even though my MP used to by the ITminister she still shows little understanding about computer issues).


dave
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

This isn't just me that thinks this is a really bad idea is it?? Xyberpix (Jan 27)
- Message not available
  - Re: This isn't just me that thinks this is a really bad idea is it?? Col (Jan 27)
- Re: This isn't just me that thinks this is a really bad idea is it?? David Lodge (Jan 28)
- <Possible follow-ups>
- Re: This isn't just me that thinks this is a really bad idea is it?? Fergie (Jan 28)