Reply From: Chris Wilson <cmw32t_private>

> From: Gene Spafford <spaft_private>
> To: coastwatcht_private
>
> If 2281 passes in anything close to its current form, it is very possible
> that much of what we do at COAST and CERIAS will become illegal. Products
> such as the ISS scanner, SATAN, SAINT, and the like may no longer be legal to
> develop, sell or distribute (or use). Firewalls will need to be "dumbed
> down" and not allowed to block or proxy traffic. Anti-virus researchers may
> be arrested for disassembling new viruses. Penetration testing would be
> illegal. Security testing of products you want to purchase or deploy might
> be a felony.
>
> In other words, Congress may shortly be passing a law that might render
> illegal most of what we do in research and application of information
> security. The end result would be that the security of our networks and
> computers would be endangered even further.

How can governments even claim to be worried about foreign penetration of their computers and "information warfare" and in the same breath consider passing a bill like this? If we have no means of testing, review or defense against penetration attacks then we are WIDE OPEN to foreign powers with no such restrictions. The argument that without our help (to research these flaws in the first instance, e.g. BugTraq) they would not be able to penetrate our systems, is entirely flawed because it is based on racist principles, assuming as it does that foreign nations do not have the intelligence to discover these security flaws for themselves.

From what I have read, it appears to me that governments consider an information warfare attack by outside forces to be far more of a threat than an attack by their own countrymen. Your citizens at least have some respect for the country and don't wish to destroy it. I don't think the same can rationally be said of foreign dictatorships.

We cannot deny that security flaws exist in our products. Nor can we deny that it is in the authors' best interests not to reveal those flaws, since it is bad for business. If it becomes illegal for neutral third parties such as the contributors to BugTraq to research and offer solutions to these problems, then only outlaws and foreign agents will do so. Is that a better solution? I think not.

I hope you agree with me.

Cheers, Chris.

___ __ _
/'__// / ,__(_)_ Wilson <Chris.Wilsont_private>
/ (_ / ,\/ _/ /_ \ Webmaster/SysAdmin/Timelord/BOFH/Programmer
\__//_/_/_//_/___/ "1998 isn't MCMXCVIII. The Romans would have used MIIM"

-o-
Subscribe: mail majordomot_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]