The Turkey Curse
fukamis terror chatroom

202c: BSI charged for distributing John with BOSS

Setting Orange, 41st Bureaucracy, 3173.

[TecChannel][tecchannel] filed a charge against German [BSI][bsi]. BSI stands for “Bundesamt für Sicherheit in der Informationstechnik” (Federal Office for Information Security) and they are the central IT security service provider for the German government. The reason for the charge is BSIs distribution of [BOSS][boss] (BSI OSS Security Suite), which is basically a Live CD containing Open Source security tools such as Nessus and John the Ripper.

It will be interesting to see what happens.

[tecchannel]: http://www.tecchannel.de/sicherheit/grundlagen/1729025/index5.html
[boss]: http://www.bsi.de/produkte/boss/index.htm
[bsi]: http://www.bsi.de/

---

(Non-)use of IT and racism

Boomtime, 38th Bureaucracy, 3173.

A couple of days ago we had a nice discussion at [Netzladen][nela] about all the politicians deciding about IT-related topics without using computers themself. Thomas from the [FAU][fau] came up with this little analogy:

Those politicians are just like racists: They fear what they don’t know.

Very good point!

[nela]: http://www.netzladen.org/
[fau]: http://www.fau.org/

---

Self-accusation of delicts forbidden by §202c StGB (German criminal code)

Boomtime, 38th Bureaucracy, 3173.

A while ago Michael Kubert offered to host so-called “hacker tools” and prepares a self-accusation of delicts forbidden by 202c StGB to see what happens. He posted his offer in the [comments of Stefan article about taking down MOPB exploits][MOPB takedown]. Now he prepared a [simple password cracking bruteforce tool][javaexploits] himself and offered it for download. His self-accusation happend beginning that week at the local prosecution authority Mannheim. He is very confident that nothing will happen.

Although I think it’s one way to get some information regarding that shitty paragraph, I don’t think it will really help very much. In my point of view the worst thing is not 202c itself but its connection to [303b][303b] regarding “computer sabotage” which points to [129a][129a] “forming of a terrorist organization”. As I mentioned several times, I’m quite sure that no one will ever go to jail for 202c. It’s more likely that it 202c will be used to have a more easy way to do house searches, hoping to find something interesting.

129a for example is also such weird paragraph: No one was ever convicted by that one, but it was (and still is) heavily used for starting investigations against groups and individuals. The “benefit” is mainly, that a different police is doing this investigation, so it’s much more intensive than the usual investigation regarding “normal” criminals.

Anyways, we’ll see what will happen.

A “funny” side note: The German Minister of Interal Affairs, Wolfgang Schäuble, gave an interview to the newspaper [Tagespiegel][tagespiegel], where is talking about the internet as “the universal plattform of the holy war against the western world” and that the internet “is not only for communication but also advertising, university, training camp and think tank for terrorists”. The most interesting part of it is that the German government is preparing a law for accusing people being trained in terrorist training camps. So it seems that everybody using the internet obviously participated at such camp in one way or another.

This could be really funny, but, well, in fact it’s not.

[tagesspiegel]: http://www.tagesspiegel.de/politik/;art771,2379048
[MOPB takedown]: http://blog.php-security.org/archives/91-MOPB-Exploits-taken-down.html
[javaexploits]: http://www.javaexploits.de/
[202c]: http://dejure.org/gesetze/StGB/202c.html
[303b]: http://dejure.org/gesetze/StGB/303b.html
[129a]: http://dejure.org/gesetze/StGB/129a.html

---

202c: THC’s next

Boomtime, 28th Bureaucracy, 3173.

After [Phenoelit][Phenoelit], [Stefan Esser][MOPB] and [Kismac][kismac] also [THC surrenders][thc]. I doubt that this was the last group moving their resources away from Germany.

By the way: Jan Münther of [n.runs][nruns] clarified the things in a [post on FD][fd] regarding the discussion about the [Sophos Antivirus UPX parsing vulnerability][io]. He also stated very clearly what most security people in Germany think:

As of the recent German “anti-hacking-tool laws” - these really bug
everyone around here. The biggest problem is the fuzziness of the actual
punishable acts: The law implies that the “criminal energy” is basically
contained within the tools themselves, which of course is an absurd
thought that only someone with zero contact with the actual subject
matter can come up with. However, due to these new rules nobody around
here knows what the real deal is - is having nmap on your box dangerous
now? Is having ping and telnet dangerous? What about metasploit, CANVAS
or CORE Impact, or god beware, own exploits, possibly 0days?

202c just sucks balls.

[Phenoelit]: http://www.phenoelit.de/202/202.html
[MOPB]: http://blog.php-security.org/archives/91-MOPB-Exploits-taken-down.html
[kismac]: http://kismac.de/
[thc]: http://freeworld.thc.org/welcome/press.html
[nruns]: http://www.nruns.com/
[fd]: http://seclists.org/fulldisclosure/2007/Sep/0032.html
[io]: http://blog.fukami.io/archives/2007/08/28/nruns-sophos-german-laws-and-customer-safety/

---



"If organized religion is the opium of the masses, then disorganized religion is the marijuana of the Lunatic Fringe" - Malaclypse The Younger

The Turkey Curse is powered by WordPress, template idea by Priss

Entries (RSS) and Comments (RSS).
Generated in 0.111 seconds.