freak_security_vulnerability-600x400
Source: Beta News

Until now only when someone possessed a chemical, biological or nuclear weapon, it was considered to be a weapon of mass destruction in the eyes of the law. But we could have an interesting — and equally controversial — addition to this list soon. The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology has proposed tighter export rules for computer security tools — first brought up in the Wassenaar Arrangement (WA) at the Plenary meeting in December 2013. This proposal could potentially revise an international agreement aimed at controlling weapons technology as well as hinder the work of security researchers.

At the meeting, a group of 41 like-minded states discussed ways to bring cybersecurity tools under the umbrella of law, just as any other global arms trade. This includes guidelines on export rules for licensing technology and software as it crosses an international border. Currently, these tools are controlled based on their cryptographic functionality. While BIS is yet to clarify things, the new proposed rule could disallow encryption license exceptions.

The new proposal is irking security researchers, who find exporting controls on vulnerability research a regulation of the flow of information. You see, these folks need to use tools and scripts that intrude into a protected system. If the proposal becomes a law, it will force these researchers to find a new mechanism to beat the bad guys.

As per the agreement, the new definition of ‘intrusion software’ refers to a tool which is capable of extraction or/and modification of data or information from a computer or network-enabled device. The modification also includes tweaking of the standard execution path of a program. In addition, the tool could also be designed to avoid detection by “monitoring tools” (software or hardware devices such as antivirus products that monitor system behaviors or processes running on a device). Tools including hypervisors, debuggers and others that are used for reverse engineering software won’t be considered as “intrusion software”.

Security items being exported to government users in Australia, Canada, New Zealand, or the UK — or the “Five Eyes” nations — would get some leeway and looser restrictions. This is because the intelligence agencies in these five nations collaborate closely. BIS is seeking comments on the proposed rule — available to all in the Federal Register — with a deadline of July 20, 2015.


OH YEAH, since we are not corporate or government owned help us out here.

YOU CAN ALSO SUPPORT US ON

We gratefully accept Crypto Coins

Dash – XiZebHViTKxjngJ8U8Gekbz34XDcMjKe29
Bitcoin – 1F6oeUnhXfr5UMC95apbJg7CLjm3BUrT8V
ETH – 0x9124589c4eAD555F04a7214214c86EA80E129abB

FOLLOW WEARECHANGE ON SOCIAL MEDIA

WEARECHANGE MERCHANDISE

https://wearechange.org/store

https://teespring.com/stores/wearechange/