|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Darren (darren.turnbull
btinternet.com)
Date: Sun May 31 2009 - 08:21:39 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----Original Message-----
From: Aarón Mizrachi <unmanarcgmail.com>
Sent: 29 May 2009 09:11
To: pen-testsecurityfocus.com
Cc: subscribe subscribe <subscr1b3m3gmail.com>; Renato Bovo Inácio <renatobovogmail.com>
Subject: Re: Automated wireless testing script
On Jueves 28 Mayo 2009 15:23:13 subscribe subscribe escribió:
> Thanks for your interest.. I wanted to ask you guys this. I'm a bit
> worried if my tool will cause me any legal problems incase it is
> misused.. Is GPL enough to protect me?
>
GPL does not protect you against legal problems derived of illegal use by
third party...
GPL protect your software freedom to copy, modify, redistribute, etc.... And
protect your software from being reassembled with commercial pourporses ( GPL
is viric ;-) )
-----------------
Im not a lawyer... It may depend on country, but this is my opinion:
1. You can put a disclaimer who advice the end user that should not be used
for illegal pourporse. For many countries, this should be acceptable.
2. MANY software can be used for malicious pourporses... SSH could be used as
a backdoor, Microsoft SMB protocol also..., aircrack-ng suite also could be
used for malicious pourporses, inclusive, the linux popular command "rm" could
be used for crime also, Nessus is a harmful tool that can be used also for
criminal pourporses.
So, your software also can be used for malicious pourporses...
BUT. There is a fact, software like this one, can be used also for Pentesting
(Ethical Hacking), and proof of concept. That is a legal pourporse.
Ethical point of view:
Your software is not exploiting a zero day, the full disclosure method are
fulfilled, the vendor was adviced of WEP/WPA bugs and the time to patch this
bugs is over. Nothing else to say.
--------------
I released a software in the same situation on 2004.
Was called, URCS... and was a RAT (Remote Admin Tool).
URCS were designed with ethic, URCS does not hide their proccess, URCS have an
authentication plataform, URCS also have an installer. URCS does not have any
infection engines, URCS does not have also any method to prevent their hand
removal, URCS activate logs by default with connection IP a
[The entire original message is not included]
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]