Luke Potter wrote:

> This may be a bit off topic, but here goes,
>
> The passing of this Bill has been likened to a knee-jerk reaction on the
> government's part, and will greatly influence how security engineers in
> Australia go about their business.
>
> http://australianit.news.com.au/common/storyPage/0,3811,2944524%5E442,00.html

I certainly don't agree with the legislation, but for what it's worth I asked our legal eagles to have a look over the draft bill and their reaction was that I am safe from prosecution, despite my collection of goodies, provided that every time we do anything to someone else's machines that we have written proof from the customer that we can mess with their systems and data.

It's all about intent. If a customer engages you to perform the services of a penetration test, and in the disclaimer (we're all using legally approved disclaimers, right?) there's a load of really anal sounding legalese about how customer X acknowledges we will try to do Really Bad Things to them, they can hardly turn around and say you were in possession of these tools with intent to commit a crime.

Think of locksmiths and security guards - they don't get busted for having all sorts of really cool tools and stuff, because they use them within the confines of a contractual arrangement with a customer. But if the locksmith is caught breaking and entering, or the security guard starts taking pot shots at passing motorists with his 12 gauge, the "I didn't have intent to commit a crime" defense looks pretty thin.

As always, get legal advice. And not from the Internet, either.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 11:36:32 PDT