Announcement

Collapse
No announcement yet.

penetration testing tools

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Re: penetration testing tools

    Is hacking of humans not allowed anymore either?

    Comment


    • #17
      Re: penetration testing tools

      @XOR: thanks, this confirms my initial starting point is at least popular :)
      @ox58: well, social engineering is a super interesting topic, but unfortunately I will not be able to refer to it since these laws are rather concerned with software and code, I cannot apply them to social engineering, they affect tools such as Nessus, John the Ripper, l0pht crack or websites such as php-security.org, packetstorm and the alike.
      Last edited by Be0wolf; February 24, 2008, 19:16.

      Comment


      • #18
        Re: penetration testing tools

        What about libnet? It is a library that can be both used for good and evil. Same can be said with so many other things! I can do SQL injection using a browser.

        There are so many things wrong with laws such as those, and I find that as a European I am ashamed of the laws that the European union is passing. Some of them are down-right against what they have stood for in the past (personal liberty, privacy and more). It shows how politicians do not have a clear grasp of what it takes to secure THEIR personal data, and that with tools that SHOW that break-ins are possible, that companies are going to become lax concerning security.

        There are already too many people in upper management that do not want to invest in IT, since they are losing money. IT does not make money so for the people up-stairs it makes no sense to put money into IT. It is not until it is shown to them how easy someone could steal information from the company USING the tools that are provided by people that they re-consider. It is too often that security/IT is considered the last thing to invest in until the company is on the news trying to explain how hackers got their top-secret-hidden data.

        Comment


        • #19
          Re: penetration testing tools

          I know what you mean, but the sad thing is: it's not only Europe which really has lost perspective, but also the USA: they ratified the Council of Europe Cybercrime Convention in 2006, funny thing is: Germany, my main focus for the paper, has not yet even ratified the treaty, but will do so soon; Russia, Canada and Japan signed it as well as South Africa, I can't tell you by heart if they have already ratified the treaty as well, the treaty came into force in 2004.
          Personally I believe that laws which forbid to offer exploit code to the public since the code provides a means to gain access to other people's data, is one of the worst steps possible, it criminalises those who really just explore AND cooperate on the matter with the organisations or people involved, but nowadays I would be very careful to contact anyone about any hole found. It pushes people into a corner and closer to the really dark spots, and apps and OS manufacturers can pretend to have become more and more secure, because no one will publish an exploit unless he can be sure he will not be in jail the very next day.
          I'm very convinced that the number of vulnerabilities published will decline within the next two years, if someone wants to bet on it: let me know.
          On the relationship between money and security: I've been working as a salesman for a network security company in Germany, and one potential customer (they were running some kind of online gambling business back in 2002) explicitly told me that they simply don't care, for them the most important thing was to gain as much money as possible in the shortest timeframe possible.
          Last edited by Be0wolf; February 24, 2008, 19:16.

          Comment

          Working...
          X