I would like to know the opinion of the people here about this law in Germany which forbids the use of "hacking tools", such as nmap, ettercap, etc...
In my opinion, in the near future, IT security in Germany will become a great hole, since the IT security professionals will be forbidden to do their work.
In my opinion, as a sysadmin, this is definitely not the way to solve security issues.
I know the German government is doing this because of that problem with Latvia (the whole country went offline because of a DDoS attack), but this is NOT the solution. These crackers will not stop their "job", but if the government forbids the IT security staff to do their work, then the attacks will tend to grow!
Ok, now let us talk about the solutions:
1. The German government should think about ways of educating young IT security enthusiasts in ethical hacking.
2. They should, despite forbidding "hacking tools", think about giving better training for the government security staff.
90% of its attacks are successful because there are negligent sysadmins maintaining these systems.
The security patches are online for downloading, they could just update their boxes, but they DON'T DO IT!
In my opinion, good security policies, training and responsibility by its sysadmins would definitely solve the security problems.
It's been the same in France for maybe 2 years or something like this. Only security firms are allowed to check software or make penetration tests. You are not allowed to check your own network anymore, as a home user.
In practice, people have moved their servers out of this country and a lot has gone back to underground/private. Some people must be happy with these laws.
Great ideas from our politicians.
Could be an issue for Groklaw, this. I mean, how are these tools defined in the law? If someone changes the name and recompiles these tools, are they still covered by the law? Also, breaking into your own home is legal (e.g. if you have lost your keys or want to test how solid your door is), so how can they ban you from breaking into your own computer network?
I don't think there is any big risk involved in ignoring this law. I am not a law expert, but chances are this is a junk law created by politicians eager to show they know about IT issues. France and Germany both have solid constitutions, and chances are nobody could actually be convicted using these laws. If you are a criminal hacker breaking into other people's networks, you are already breaking other laws in both countries, so this law would be largely irrelevant.
<- Big Law book needed and some help from Pamela J & co
As a German, I have been following the discussion about this for quite a while. Any number of tech-savvy advisors have spoken up against this law, which really is about as idiotic as laws can get, but our politicians don't care. Small surprise there.
The law does not define clearly what kind of software it refers to. If you ask me, the ping command itself is already covered by it. I suppose that clueless judges will in future have to define what exactly the clueless politicians were talking about.
It is forbidden to create, distribute and own software with the intention of using it to break into systems you have no business breaking into. The law states something about 'malicious intent', which might save administrators testing their own networks, but only actual practice will show what exactly this law will mean. AFAIK the first German security company has moved abroad already because of this law.
I wonder how long this approach can be maintained. Just the other day, I read that the German government is disgruntled (to put it mildly) after having found evidence that the network of Angela Merkel was broken into by the Chinese. How is this sort of law to protect them against international threats??? It seems that the Chinese are going to be a lot of fun in the future, by the way. They have recently announced their plans to take over Seagate and now the US government is seriously worried about the security risks involved. Maybe people should start considering a ban on Seagate drives?
These kinds of laws don't help, because if you're using the tools to break into a network, you're doing something illegal already. The hackers ignore that, so why should they be bothered by this law?
The only way to stop networks from being hacked is well-trained security admins who maintain them seriously and apply patches.
My school, for instance, has really low security. Since I'm one of the few that can break it, it doesn't really matter, because all of the people that could do it (3 people in total) talked to the admin and told him they wouldn't abuse it. The bug is still not fixed though; basically it's waiting for someone less nice to find out how to crack it. People like that should be fired (kind of fun using the admin login to check other computers and find out the admin was playing Minesweeper at the moment).
This is not openness; most of the tools are used by admins to secure and troubleshoot their networks.
If the country is getting DDoS attacks, let people know the significance of security.
At the end for what the IT security staff is paid for to make their job easy.
Last edited by WAJEDUR REHMAN; 08-29-2007 at 01:51 PM.
I think it's not as dramatic as it sounds to most people.
Using the tools with the _intention_ to do something _illegal_ is the important part, as bitpicker said - not just "having nmap as a system administrator on your computer". Also, a passage was added making hacking into private persons' computers illegal without their consent and if there is any kind of technical barrier to prevent such break-ins, which until then just applied to companies and any kind of administrative IT and infrastructure.
This does not make the law less absurd, of course, and there's much room for really badly informed judges to do some real damage, but sadly this is all the national and global zeitgeist right now.
And all in all some legal regulation was due - it's not that surprising that all governments are getting their hands more and more into Internet and/or IT affairs.
But overall government and police are still struggling to really grasp the "internetworking" idea - recently I had a federal police visit due to some TOR server stuff, but nothing really happened and no legal consequences of any kind came up - especially my stuff wasn't even looked at; I told them I'm working as an IT journalist.
So we'll have to wait and see where everyday legal affairs will actually lead us.