[Gllug] Uh oh, govt attempting to regulate "hacking"

Ben Fitzgerald ben_m_f at yahoo.co.uk
Wed Mar 8 12:43:02 UTC 2006


On Wed, Mar 08, 2006 at 11:41:23AM +0000, Aaron Trevena wrote:
> On 07/03/06, Adrian McMenamin <adrian at mcmen.demon.co.uk> wrote:
> > On Tue, 2006-03-07 at 17:14 +0000, Richard Jones wrote:
> > > While I think that we desperately need measures to imprison spammers,
> > > bot-net owners, phishers, online fraudsters and so on, I don't have
> > > much confidence in the tech ignoramuses in our government to legislate
> > > usefully.  Well, they're up to it anyway:
> > >
> > > http://news.bbc.co.uk/1/hi/technology/4781608.stm
> > >
> > > Here are the relevant clauses:
> > >
> > > http://www.publications.parliament.uk/pa/cm200506/cmbills/119/06119.27-33.html#j381
> > >
> > > Clause 35 appears to make distribution of hacking tools illegal (nmap,
> > > anyone?)
> >
> >
> > Not to me. It seems to make it illegal to put nmap on your website and
> > say "use this to crack someone's security".
> >
> > I think there are some flaws in the Computer Misuse Act but I think this
> > provision - which makes the distribution of rootkits illegal - is not
> > one of them
> 
> Right - I'd rather be able to find out about rootkits in the wild and
> be able to analyse them or read other peoples analysis of them and so
> be able to take action - rather than leave them exclusively in the
> hands of black hats.

I agree this strikes at the core of what makes open source more secure.
Security through obscurity is not the way. Rootkits will be distributed
whether this is illegal or not.

In any case, can government really influence this? Or are they once
again reacting because they feel "something must be done".

Banning stuff doesn't seem to work. Yes you can prosecute transgressors,
but when the problem is this large, it becomes impractical (e.g. mp3s or
drugs).

Also, if they make rootkit distribution illegal those who want to propagate
for malicious use will simply upload them to an owned box, putting the clueless
owner at risk. Perhaps they would be better spending the money on IT
security education? Just a thought!

Ben.

-- 
Registered Linux user number 339435
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list