Penetration Testing mailing list archives

Re: Why do we vote these people in?


From: "Peter Lee" <wickedsweet () ozemail com au>
Date: Tue, 2 Oct 2001 22:09:57 +1000


Luke Potter wrote:

This may be a bit off topic, but here goes,

The passing of this Bill has been likened to a knee-jerk reaction on the
government's part, and will greatly influence how security engineers in
Australia go about their business.


http://australianit.news.com.au/common/storyPage/0,3811,2944524%5E442,00.html


I certainly don't agree with the legislation, but for what it's worth I
asked our legal eagles to have a look over the draft bill and their reaction
was that I am safe from prosecution, despite my collection of goodies,
provided that every time we do anything to someone else's machines that we
have written proof from the customer that we can mess with their systems and
data.  It's all about intent.  If a customer engages you to perform the
services of a penetration test, and in the disclaimer (we're all using
legally approved disclaimers, right?) there's a load of really anal sounding
legalese about how customer X acknowledges we will try to do Really Bad
Things to them, they can hardly turn around and say you were in possession
of these tools with intent to commit a crime.

Think of locksmiths and security guards - they don't get busted for having
all sorts of really cool tools and stuff, because they use them within the
confines of a contractual arrangement with a customer.  But if the locksmith
is caught breaking and entering, or the security guard starts taking pot
shots at passing motorists with his 12 gauge, the "I didn't have intent to
commit a crime" defense looks pretty thin.

As always, get legal advice.  And not from the Internet, either.

