On Sun, Apr 6, 2014 at 4:24 AM, Henri Salo <[email protected]> wrote: > On Sat, Apr 05, 2014 at 01:23:51PM +0300, Toni Korpela wrote: >> Greetings from Finland. >> >> I know that here it is illegal to import, manufacture, sell >> or otherwise distribute such machine or software which >> are designed to endanger or harm information and >> communication systems. > <snip> > > Basic examples, which I have personally encountered: > > 1) Not allowed to port scan. Some ISPs are already monitoring and warning > users > in case they do port scanning, but the reason for alerting might only be that > they monitor and try to get rid of malware in their networks. > 2) Not allowed to list vulnerable systems. I can't for example list all > non-updated WordPress installations with their version numbers even this > information is available to anyone.
Item 2 is kind of interesting. Can you cite a reference? I ask because the US's DMCA has provisions for Security Testing & Evaluation and Reverse Engineering. So we are allowed to "test" the system (some hand waiving), but its unclear [to me] what can be done after the testing. The ST&E exemption is in Section 1205 (i) SECURITY TESTING. The RE exemption is in Section 1205 (f) REVERSE ENGINEERING. Sorry to wander off-topic... _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
