Brilliant!

Well, the fallout from the German government outlawing hacking security tools (there is some vague wording about security professionals using them, but it's being reported that folks there aren't taking chances) has started already. According to the Security4All blog page, the KisMac project has shut down because of it and the Phoenolit project had to move offshore. (http://security4all.blogspot.com/2007/07/german-law-vs-security-tools-fallout.html). This reminds me of the controversy in the United States over gun control. Opponents say "If guns are outlawed, only outlaws will have guns". Same premise pretty much applies here. If the security tools we use to audit and lockdown our networks are taken away from us, we become inherently more insecure. Meanwhile, the Bad Guys will continue to utilize them. What do they care about another law? The end result of hacking is already illegal (accessing another network without permission, stealing, changing or removing data, etc.) Will this have any impact for good for the overall security posture of the Internet? I think not. Unfortunately the reverse will be the result. Let's hope this doesn't become a trend, and the good der Mensch of the German government come to their senses and revoke this law.

WMI

If you haven't played with WMI yet, check out these ISC diary articles by Mr. Incident Response himself, Ed Skoudis. Ed is top of the field in incident response and forensics, a fantastic teacher for SANS and a pretty funny guy to boot! But I digress... WMI, which stands for Windows Management Instrumentation, is a framework built into Windows XP Pro and above, for managing local and remote nodes. It has some really useful functionaility as a reporting tool for investigating security issues on the box. Read and enjoy...


http://isc.sans.org/diary.html?date=2006-03-30
https://isc.sans.org/diary.html?storyid=2376
http://isc.sans.org/diary.html?storyid=1622