How Web Application Security and Guns are Common
In an attempt to do the right thing, the Germans aren't really helping themselves. News.com is reporting that "As of Saturday, it's a crime in Germany to build, sell, distribute or obtain so-called 'hacking tools' designed to allow access to protected data or promote other illegal acts." (http://news.com.com/8301-10784_3-9759051-7.html) There are a few scary things about this.
A lot of the "hacking tools" fall into a nebulous classification of neither good nor bad; what matters is how you use the tool. It's not evil if I'm using Nessus on my own network to determine where a vulnerability might exist. The same is true for any Web application testing software. When used within an environment I am testing or responsible for, the results are positive and not negative.
The same logic can be applied to many open source tools that
are used for more generic purposes.
Web application testing solutions don't fall into a bad
category by themselves. This law might work for protecting messaging
environments; it makes tools like Send Safe (automated spam generator created
and operated out of
While the law might only be enforced in situations where most of us would agree it is warranted, it is not a clear-cut case. And I wouldn't want to trust that some overzealous prosecutor is not looking to form his reputation by putting away "evil hackers," especially when the bulk of the public doesn't understand the difference.
- Mike Kazmierczak, Cenzic, Inc.