Sign in / up

back to article ID yourself or get NOTHING (except Framework), snarls Metasploit

Metasploit Pro and Community users outside North America now need to prove who they are, thanks to changes introduced this week and a tightening of encryption export rules. The open source Metasploit Framework (a computer security project) is not affected by the new rules. "[This] is yet another reminder that governments have …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Hilarious

    This kind of thing really is the cherry on top for anyone still wondering if US.gov has a clue.

    Perhaps if this policy had been in place pre-Snowden, he would've been preventing from doing his deed because he would have had to apply to the Commerce Department for an export license before getting on the plane to Hong Kong.

    Or perhaps the Russian hackers inside the State Department e-mail system will now have to apply for a license to export the data back to Russia.

    L. O. Freakin. L.

    8 0 Reply
  2. Tomato42
    FAIL

    Morons, the lot of 'em.

    ...because the only technical expertise resides inside US, especially after they have offshored all jobs they could.

    8 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      wait a sec

      >Morons, the lot of 'em.

      I hope you are talking about US policy makers (or one could say policy makers in general) and not about 300+ million people. Far too often people confuse the US general public with our %1ers. In virtually no other developed democracy do the the %99 have less say in how the government runs day to day (UK sounds close though).

      2 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        @AC - Re: wait a sec

        So why do the general public tolerate the policy makers ? Good Lord, if I'm not mistaking you have the chance to use your vote to change things from time to time but the 99% constantly fail to do it so how do you suppose we should label them ?

        0 0 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          @AC - Re: @AC - wait a sec

          That rather assumes that votes have an effect on the outcome of elections.

          3 0 Reply
          1. Anonymous Coward
            Reply Icon
            Anonymous Coward

            Re: @AC - @AC - wait a sec

            When all you got is two shitty choices with the only difference being the rhetoric not much changes. With a culture based on corporatism nobody really starves so not a lot of appetite for revolution. The greedy Baby Boomers %1ers though are pushing the boundaries what with the poles real income not going up since the Boomers themselves actually worked for a living.

            0 0 Reply
  3. Crazy Operations Guy

    Possible loopholes

    Would these rules apply to a US company / organization that writes and distributes their code from outside the US? What about getting the encryption code from a third party?

    What would stop a company from shipping crappy encryption in the box but then having the software just pull the appropriate libraries from a server in Canada, Sweden, Vietnam, etc?

    But what I've always wondered was why there are security companies still operating out of the US. With the NSA screwing things up and congress enacting crazy laws like this, I have to wonder why anyone would bother researching security in the 'states anymore... With the level of globalization in the western world (and large swathes of the east), there isn't much to differentiate countries anymore aside from what the legal landscape looks like and what language they speak (Although there are a lot of English-speaking communities to live amongst until the local language can be learned)

    0 0 Reply
    1. Graham Cobb Silver badge
      Reply Icon

      Re: Possible loopholes

      Would these rules apply to a US company / organization that writes and distributes their code from outside the US?

      Yes. At least assuming the underlying rules haven't changed since I did Export Compliance training while working for a US company in the UK last century. A US company can (and will) be subject to penalties if it provides any access to export controlled materials (not just software: manuals, training and professional services are included) to denied parties.

      The legal basis seems fairly reasonable in this case: Metasploit is clearly a munition, although dual use. And arms control is what these regulations were designed for. Unfortunately, they weren't really designed for software -- which isn't that hard to engineer, in the modern world.

      1 0 Reply
  4. frank ly

    Wait a minute

    "PGP isn't a good comparison, [as] Metasploit Framework is still open source and available globally," he said in a Twitter update.

    Apart from a name change, isn't 'PGP' open source and available globally?

    4 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Wait a minute

      OpenPGP certainly is, I updated to GnuPG 2.1 and made myself a new shiny ECDSA key with it just recently.

      Maybe the original PGP was proprietary, certainly it used some patented algorithms (IDEA)… but hardly anyone uses the original PGP protocol now, it's all OpenPGP.

      1 0 Reply
  5. Bob Dole (tm)

    Yet another

    Waste of time by the US government.

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like